Snapdragon processors have been involved in a study that found more than 400 vulnerabilities in their Hexagon DSP.
Among the many manufacturers of processors for Android, Qualcomm is the most popular thanks to its Snapdragon. However, these processors are not perfect, and a study by CheckPoint has revealed that the Californian manufacturer still has much work to improve on safety issues.
In this study, CheckPoint Research has detailed more than 400 vulnerabilities found in a very specific component of Snapdragon processors, present in mobiles from Google, Samsung, Xiaomi, OnePlus and many more.
But what is that vulnerable component and what is it for?
The DSP of the Snapdragon, guilty of these security problems
Mobile processors are much more than a CPU and for years they have been called System on a Chip (SoC) , an abbreviation that indicates that everything necessary for the operation of the mobile is there. Not everything is a processor: This is how manufactures improve performance in a mobile
The DSP, or P rocesador of S ENAL D igital is an important element in the experience of the smartphone, though not usually have a major role in the technical specifications. Their role is the one indicated by their name, and their scope corresponds mainly to audio, but they also handle other multimedia tasks. Qualcomm’s DSP is so powerful that it is capable of supporting the CPU and GPU in Artificial Intelligence tasks.
The Hexagon DSP is so powerful that Qualcomm uses it for Artificial Intelligence.
However, with regard to security, it seems that it has aspects to improve, and that is that Checkpoint Resears has announced that in a study that they have called Achilles (Achilles) they have found more than 400 vulnerabilities. The name of the study could not be more appropriate, and it is that the DSP Hexagon becomes the Achilles heel of the Snapdragon.
These vulnerabilities present a great risk for users, since according to the study, if this knowledge falls into the wrong hands, it could have a great impact on our experience, with these three being the greatest risks:
- An attacker could spy on your mobile without the need for user interaction: photos, videos, call recording, real-time microphone recording and GPS.
- Make your mobile unusable constantly, making all information that requires the DSP remains unavailable.
- Malware could exploit this vulnerability to hide itself and make itself impossible to remove.
As for the vulnerabilities themselves, Checkpoint has decided not to make Qualcomm’s security bugs public in order to give the company time to fix those bugs, providing details about the vulnerability to the company.