Snapdragon Chip Flaws Put 1 Billion Android Phones at Risk of Data Theft
upstart writes in with an IRC submission:
Snapdragon chip flaws put >1 billion Android phones at risk of data theft:
Snapdragon is what's known as a system on a chip that provides a host of components, such as a CPU and a graphics processor. One of the functions, known as digital signal processing, or DSP, tackles a variety of tasks, including charging abilities and video, audio, augmented reality, and other multimedia functions. Phone makers can also use DSPs to run dedicated apps that enable custom features.
While DSP chips provide a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features-they do come with a cost," researchers from security firm Check Point wrote in a brief report of the vulnerabilities they discovered.
[...] Qualcomm has released a fix for the flaws, but so far it hasn't been incorporated into the Android OS or any Android device that uses Snapdragon, Check Point said. When I asked when Google might add the Qualcomm patches, a company spokesman said to check with Qualcomm. The chipmaker didn't respond to an email asking.
Check Point is withholding technical details about the vulnerabilities and how they can be exploited until fixes make their way into end-user devices. Check Point has dubbed the vulnerabilities Achilles. The more than 400 distinct bugs are tracked as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.
Read more of this story at SoylentNews.