If you are using an Android phone with Qualcomm chipset, you are at risk, and here is why.
Researchers have found that Snapdragon series smartphone chipsets from Qualcomm, which is widely being used in Android devices, has over 400 instances of vulnerable code that puts millions of users at risk.
Check Point, a cybersecurity firm has found that the DSP (Digital Signal Processor) used in Qualcomm Snapdragon chipset has the vulnerable code which it is calling “Achilles” and is claimed to impact phones to be used as a spying tool.
Here is How Achilles Work
- Attackers can turn the phone into a perfect spying tool, without any user interaction required – The information that can be exfiltrated from the phone including photos, videos, call-recording, real-time microphone data, GPS and location data, etc.
- Attackers may be able to render the mobile phone constantly unresponsive – Making all the information stored on this phone permanently unavailable – including photos, videos, contact details, etc – in other words, a targeted denial-of-service attack.
- Malware and other malicious code can completely hide their activities and become un-removable.
The attacker can also lock the phone with all the data stored, rendering it useless. It can also be used to store unknown and unremovable malware on the device.
Qualcomm has been notified about it, as well as government officials and affected vendors. Given that millions of Android devices are at risk, the company has not published the details about its findings.
It is also being reported that Qualcomm has now fixed the issue but the affected devices can only be secured once the phone manufacturers start pushing the relevant updates and security patches to the affected phones, which is likely to take time.
Nothing like privacy again. Just try to b a guy or gal online
In the past, I’ll be worried about something like this but I ain’t anymore. Most likely, the manufacturers know about this and this is just some backdoor loophole for security agencies to track individuals under the illusion that they an hidden on the Internet.
Dear Yomi,
Please reach out to the guys at load.ng for a possible thorough review/interview/investigation of their service. I have a special interest in knowing how they profit – since every transaction carried out there is free. so how do they now fund their operational costs. essentially i want to know if we’re safe in their hands. Also advice them to have a TRUSTPILOT button installed on their homepage.
Thank you!
No technology is perfect
My take, Android facilitates this loophole usage, this is very unlikely to occur on other OSes running on the Qualcomm chipsets.
Beautiful share thanks Prof.