Published: October 1, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Startling but true, researchers from Check Point Security revealed a discovery to the cyberworld. They found that Qualcomm Technologies, chip providers for over 40% of the Android mobile phone market, had a serious security issue with one of its chips. Their Snapdragon DSP chip, found in hundreds of millions of phones sold by Google, LG, Samsung, Xiaomi, OnePlus, and more, had more than 400 security flaws. If exploited by cybercriminals, phones with the Snapdragon chip turn into data-stealing spying devices. Just some of the vulnerable smartphone data includes contacts, location data, photos, videos, and call recordings. In addition, attackers can render a phone unusable by making all its stored data unavailable to the owner.
Although Checkpoint states they were unable to find any live exploits in their study, they remind users it doesn’t mean the flaws haven’t been abused – they just weren’t found active in the phones they studied. Fortunately for iPhone users, Apple doesn’t use Android chips, making their smartphones safe from this particular security issue.
Qualcomm, aware of the flaws in their Snapdragon DSP (digital signal processor), says they’ve successfully tackled the 400+ flaws and have security patches waiting to be installed. Now, the much bigger problem is distributing the security patch to the many millions of Android users and convincing them to download it immediately.
Checkpoint is quick to mention that applying the fix isn’t going to happen overnight and could in fact take months to years. The head of cyber research at Checkpoint says, “With a long supply chain integrated into each and every phone, it is not trivial to find deeply hidden issues in mobile phones, but it's also not trivial to fix them.”
While you’re waiting for your Snapdragon patch (likely arriving in a security update from your phone’s vendor) keep a lookout for hackers and their bag of tricks. Email phishing is a hacker favorite because it works. It provides easy entrance to a device, especially if the owner isn’t looking for phishing clues. So, be aware of suspicious senders, especially those using a generic greeting. The same goes for emails requiring an immediate response and subjects that tug on your emotions or fears. Also, look for content with bad grammar or spelling errors, and never, ever follow an email link or open an attachment.
And when you see that infamous little red dot or notification gently nudging you to update your device, don’t delay. That could be the fix to this bug you’re waiting for.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com