More than one BILLION Android phones could be at risk from 400 ‘Achilles’ vulnerabilities


Security researchers warn that more than one billion Android phones risk becoming spying tools for hackers.

The team found 400 vulnerabilities in Qualcomm’s Snapdragon chips, which are staples in smartphones.

The flaws, collectively called ‘Achilles’, allow cybercriminals to access photos, videos, location data and other sensitive details on the handset.

The flaws were first revealed by the company Check Point, whose experts say that a user only needs to install what looks like a harmless app, but is actually riddled with malware, for hackers to be able to launch their attack.

Yaniv Balmas, head of cyber research at Check Point, said: ‘You can be spied on. You can lose all your data.’

‘If such vulnerabilities are found and used by malicious actors, they will find millions of mobile phone users who have almost no way to protect themselves for a very long time.’

Check Point has shared its findings with Qualcomm and affected smartphone vendors, but has not made the vulnerabilities public, so as to give hackers no chance to use them.

Snapdragon system-on-a-chip products are found in leading phones from Google, Samsung, Xiaomi, LG and OnePlus.

However, iPhone users are safe from Achilles because Apple supplies its own processors.

Qualcomm said it is tackling the vulnerabilities by releasing a new compiler and a new software development kit. But it is up to phone vendors to distribute patches for each phone model that carries the affected processor.

‘For vendors, this means they need to test every DSP application they use and fix any issues [that] can occur,’ said Balmas. ‘Then they have to send these fixes to all the devices in the market.’

Snapdragon chips are used in a range of smartphones, wearables, car systems and other devices.

Electronics developers have long welcomed the technology for its speed, performance and power capabilities, 5G support, graphics handling and embedded fingerprint reader.

However, security experts have kept a close watch on these digital signal processors (DSPs) because of possible flaws, as their technical specs are normally closely controlled by manufacturers.

‘While DSP chips provide a relatively economical solution that allows mobile phones to provide more functionality to end users and enable innovative features, they do come at a cost,’ Check Point researchers write in an online report.

‘These chips introduce new attack surfaces and weaknesses to these mobile devices.’

‘DSP chips are much more vulnerable to risks because they are managed as “Black Boxes” because it can be very complex for anyone other than their manufacturer to control their design, functionality or code.’

‘Our research succeeded in breaking these boundaries and we were able to take a relatively easy look at the internal design and implementation of the chip,’ said Balmas.

‘Since such research is very rare, it may explain why we have found so many vulnerable code sections.’

Qualcomm said it had no evidence that the vulnerabilities were ‘currently being exploited’, but urged customers to update their devices if patches are available and to install applications only from trusted locations, such as the Google Play Store.