Back in August of 2020, security researches at Checkpoint software, a leading security provider, released the results of their investigation into a hardware vulnerability that could impact as many as 40% of Android smartphones on the market, with some startling results.
The research focused on a chip called the Digital Processing Unit, a key component in many smartphones. Specifically, DSP chips from the leading manufacturer Qualcomm. They found over 400 vulnerabilities that could be exploited, with potential results including:
- The ability to access and remotely exfiltrate data from the device
- The ability to remotely access the device microphone and capture audio in real time
- The ability to track the phones location
- Make the phone and its contents permanently unresponsive/inaccessible
While the scope and impact of this vulnerability is indeed cause for concern, a few details should be noted. Firstly, there is no evidence that any hacker or malicious actor has successfully exploited the identified vulnerabilities. Second, Checkpoint did not disclose any technical details of their research, in order to allow Qualcomm to fix the issues. Thirdly, the risk can be mitigated by only installing verified applications from the Google Play store.
Taken together, these factors significantly reduce the chance that this vulnerability will be widely exploited before it can be permanently addressed. The investigation, however, highlights the critical role that third party security testing and reporting play in securing our digital landscape. Even after billions of devices are manufactured with specific hardware, new and potentially dangerous weaknesses can continue to be exposed (and only then addressed by the manufacturer.)
Keep your devices up to date, only install verified applications and practice good password hygiene for all your critical personal accounts to help keep you and your device secure. Triella can help your firm implement security services so your technology infrastructure remains protected. Call us now to get started! 647.426.1004
Sean Kirby is the Help Desk Manager at Triella. We are a technology consulting company specializing in providing technology audits, planning advice, project management and other CIO-related services to small and medium-sized firms. Sean can be reached at 647.426.1004. For additional articles, go to our blog page. Triella is a VMware Professional Partner, Microsoft Certified Partner, Citrix Solution Advisor – Silver, Dell Preferred Partner, Authorized Worldox Reseller and a Webroot Reseller.
© 2020 by Triella Corp. All rights reserved. Reproduction with credit is permitted.