Security News > 2020 > August > Qualcomm Bugs Open 40 Percent of Android Handsets to Attack

Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
2020-08-07 22:11

Six serious bugs in Qualcomm's Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according research released at the DEF CON Safe Mode security conference Friday.

The researchers further focused on the communications between Android handset CPU and the Qualcomm DSP within the Hexagon framework.

Communication between the Android operating environment and the DSP Qualcomm firmware generates data that is stored in a separate library within a shared memory channel.

"Hexagon SDK is the official way for the vendors to prepare DSP related code. We discovered serious bugs in the SDK that have led to the hundreds of hidden vulnerabilities in the Qualcomm-owned and vendors' code. The truth is that almost all DSP executable libraries embedded in Qualcomm-based smartphones are vulnerable to attacks due to issues in the Hexagon SDK," researchers noted.

"The DSP is accessible for invocations from third-party Android applications. The DSP processes personal information such as video and voice data that passes through the device's sensors. As we have proven, there are many security issues in the DSP components."


News URL

https://threatpost.com/qualcomm-bugs-opens-40-percent-of-android-devices-to-attack/158194/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qualcomm 2226 0 255 1139 510 1904