Check Point in an official blog post claimed that using these vulnerabilities an attacker can turn the phone into a perfect spying tool, without any user interaction required.
“The information that can be exfiltrated from the phone include photos, videos, call-recording, real-time microphone data, GPS and location data, etc,” it said.
“Providing technologies that support robust security and privacy is a priority for Qualcomm. Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices<\/a> as patches become available and to only install applications from trusted locations such as the Google Play Store,” said a Qualcomm spokesperson in response to the report.
The Check Point researchers also warned that an attacker can even make a Qualcomm Snapdragon chipset-powered Android phone unresponsive and useless. “Attackers may be able to render the mobile phone constantly unresponsive – Making all the information stored on this phone permanently unavailable – including photos, videos, contact details, etc – in other words, a targeted denial-of-service attack<\/a>,” added Check Point.
The malware can also hide inside phones, track activities and even become unremovable, claims the report.
“We disclosed these findings with Qualcomm, who acknowledged them, notified the relevant device vendors,” said Check Point.
DSP is an important chipset that has hardware and software designed to enable each component on a smartphone<\/a>. It can enable quick charging capabilities, control video, HD Capture, AR features along with audio features too. “Simply put, a DSP is a complete computer on a single chip...may include features to enable daily mobile usage such as image processing, computer vision, neural network-related calculations, camera streaming, audio and voice data,” it explained.
These vulnerabilities are not yet known and there is very little end users can do apart from waiting for a software patch from their mobile brand.
<\/body>","next_sibling":[{"msid":77483631,"title":"Mukesh Ambani's Reliance Industries breaks into top 100 global companies","entity_type":"ARTICLE","link":"\/news\/mukesh-ambanis-reliance-industries-breaks-into-top-100-global-companies\/77483631","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[{"msid":"77482820","title":"android phones","entity_type":"IMAGES","seopath":"gadgets-news\/android-phones-with-qualcomm-snapdragon-processors-have-major-security-worry\/android-phones","category_name":"Android phones with Qualcomm Snapdragon processors may have security worry","synopsis":false,"thumb":"https:\/\/etimg.etb2bimg.com\/thumb\/img-size-87514\/77482820.cms?width=150&height=112","link":"\/image\/gadgets-news\/android-phones-with-qualcomm-snapdragon-processors-have-major-security-worry\/android-phones\/77482820"}],"msid":77483729,"entity_type":"ARTICLE","title":"Android phones with Qualcomm Snapdragon processors may have security worry","synopsis":"The researchers claimed that these \u201cvulnerable pieces of code\u201d were found within the Qualcomm Digital Signal Processor unit (DSP) chips. ","titleseo":"telecomnews\/android-phones-with-qualcomm-snapdragon-processors-have-major-security-worry","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":285,"shares":0,"engagementtimems":1169000},"Alttitle":{"minfo":""},"artag":"TIMESOFINDIA.COM","artdate":"2020-08-11 16:44:08","lastupd":"2020-08-11 22:06:05","breadcrumbTags":["Android phones","digital signal processor","Smartphone","Devices","check point","Qualcomm Snapdragon","Denial-of-Service attack","Qualcomm"],"secinfo":{"seolocation":"telecomnews\/android-phones-with-qualcomm-snapdragon-processors-have-major-security-worry"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2020-08-11" data-index="article_1">
读到
安卓手机由高通Snapdragon处理器面临安全的担心超过400代码漏洞已经被安全研究人员发现检查。研究人员称,这些“脆弱的代码片断”内被发现高通
数字信号处理器单位(DSP)芯片。
检查在官方博客称,利用这些漏洞的攻击者可以把手机变成一个完美的间谍工具,不需要任何用户交互。
“可以接的电话信息,包括照片,视频,电话录音,麦克风的数据,实时GPS定位数据,等等,”它说。
“健壮的安全提供技术支持和隐私是高通的当务之急。对于高通计算DSP检查站披露的脆弱性,我们努力工作来验证问题和oem厂商提供适当的缓解措施。目前我们没有证据被剥削。我们鼓励终端用户更新他们设备补丁可用,只能从受信任的位置安装应用程序如谷歌玩商店,高通公司的一位发言人在回应说:“这份报告。
检查人员还警告说,攻击者甚至可以使一个高通Snapdragon芯片组Android手机反应迟钝的和无用的。“攻击者可以使移动电话经常反应迟钝,使所有的信息存储在这个电话永久不可用,包括照片,视频,联系人细节,等等——换句话说,一个目标拒绝服务攻击说:“。
恶意软件也可以隐藏在手机,跟踪活动,甚至成为unremovable,索赔报告。
“我们披露这些发现与高通,承认它们,通知相关设备供应商,”说。
DSP是一个重要的芯片,硬件和软件设计,使每个组件上智能手机。它可以快速充电功能,控制视频、高清捕获,基于“增大化现实”技术特征与音频特征。“简单地说,一个DSP是一个完整的计算机在一个芯片上……可能包括的特性,使日常移动应用,如图像处理、计算机视觉、神经网络相关计算,相机流,音频和语音数据,“这解释道。
这些漏洞不清楚,很少有最终用户可以做除了等待软件补丁从手机品牌。
检查在官方博客称,利用这些漏洞的攻击者可以把手机变成一个完美的间谍工具,不需要任何用户交互。
“可以接的电话信息,包括照片,视频,电话录音,麦克风的数据,实时GPS定位数据,等等,”它说。
“健壮的安全提供技术支持和隐私是高通的当务之急。对于高通计算DSP检查站披露的脆弱性,我们努力工作来验证问题和oem厂商提供适当的缓解措施。目前我们没有证据被剥削。我们鼓励终端用户更新他们设备补丁可用,只能从受信任的位置安装应用程序如谷歌玩商店,高通公司的一位发言人在回应说:“这份报告。
检查人员还警告说,攻击者甚至可以使一个高通Snapdragon芯片组Android手机反应迟钝的和无用的。“攻击者可以使移动电话经常反应迟钝,使所有的信息存储在这个电话永久不可用,包括照片,视频,联系人细节,等等——换句话说,一个目标拒绝服务攻击说:“。
恶意软件也可以隐藏在手机,跟踪活动,甚至成为unremovable,索赔报告。
“我们披露这些发现与高通,承认它们,通知相关设备供应商,”说。
DSP是一个重要的芯片,硬件和软件设计,使每个组件上智能手机。它可以快速充电功能,控制视频、高清捕获,基于“增大化现实”技术特征与音频特征。“简单地说,一个DSP是一个完整的计算机在一个芯片上……可能包括的特性,使日常移动应用,如图像处理、计算机视觉、神经网络相关计算,相机流,音频和语音数据,“这解释道。
这些漏洞不清楚,很少有最终用户可以做除了等待软件补丁从手机品牌。
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动