If you have an Android device, you may want to prepare for some potentially frustrating news. There are over a billion Android devices out in the wild right now that are vulnerable to hacks that could turn them into spying tools. Let that sink in for a moment, because it's bad news.
These devices could be exploited by way of some 400 vulnerabilities in Qualcomm's Snapdragon chip that can be leveraged if users download a specific video or other type of content that's rendered by the chip. Users may also install apps that require no permissions to help malicious payloads along on their journey, which could be the scariest part of all.
Once attackers have access to the chip, phones may be used to monitor users' locations as well as listen in to audio and take images and photos. It's scary stuff. The phone can even be made to potentially become unresponsive, with the infection being hidden away in a manner that makes coming clean feel like a long, haggard road to recovery.
"While DSP chips provide a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features—they do come with a cost," said security firm Check Point via blog post. "These chips introduce new attack surface and weak points to these mobile devices. DSP chips are much more vulnerable to risks as they are being managed as ‘Black Boxes’ since it can be very complex for anyone other than their manufacturer to review their design, functionality or code."
Right now, Qualcomm has created a fix for the issues discovered, but it has yet to be incorporated into any Android device that utilize Snapdragon. According to Check Point, by way of Ars Technica, Google has yet to respond to inquiries regarding when or if the Qualcomm patches may be added to Android devices.
"Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs," Qualcomm offered in a statement. "We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store."
For the time being, you may want to play it very safe regarding the Qualcomm Snapdragon-enabled devices you may be using. Hopefully a fix is in the works soon, but until then, it's best to use best practices to avoid any sort of potential future disasters with your phone.