6 Bugs in Qualcomm allow hackers to remotely take over your Android smartphone


Hackers can remotely take over your Qualcomm SoC powered Google, Samsung, OnePlus, Xiaomi, LG Android smartphone

Nearly 40 percent of Android smartphones powered by Qualcomm System on a Chip (SoC) are vulnerable to potential hackers. Security researchers have identified 6 serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android smartphones and tablets currently being used.

Checkpoint researchers presented a report at the DEF CON Safe Mode security conference on Friday in which they detailed six critical bugs in Qualcomm’s Snapdragon mobile chipset. The vulnerabilities are so severe that they impact almost all smartphones made by Google, Samsung, LG, Xiaomi, and OnePlus.

The flaws allow potential hackers to launch Denial of Service and escalation-of-privileges attacks – ultimately giving hackers control of the victim’s smartphone. The hackers can also steal images/videos, chats, messages, confidential banking information, and even remotely implant malware on your Android smartphone. 

Checkpoint says the six bugs have been given unique identifiers as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209. Checkpoint research says that these CVEs could be used to launch at least 400 different attacks on Android smartphones.

Slava Makkaveev of CheckPoint says that that the company has informed Qualcomm about the bugs. Qualcomm has fixed the flaws and issued patches to the smartphone manufacturers but most of them have not released the patches downstream to the users. At present many of Qualcomm SoC powered Android smartphones are vulnerable to these flaws.

Bug in Snapdragon SoC’s Hexagon digital signal processor (DSP)

Checkpoint found a critical vulnerability in the main component of Qualcomm SoCs, Hexagon Architecture. Hexagon is the brand name for Qualcomm’s digital signal processor (DSP) and a critical part of the SoC’s microarchitecture. Hexagon controls all real-time requests that a user makes to the Android smartphone. It is in charge of turning voice, microphone, camera, video, and GPS location sensors into commands.

Makkaveev said the DSP flaws can be exploited by hackers to steal photos, videos, call recordings, real-time microphone data, and GPS and location data. A hacker could also cripple a targeted phone or implant malware with smartphone owners’ knowledge or consent.

“Hexagon SDK is the official way for the vendors to prepare DSP related code. We discovered serious bugs in the SDK that have led to the hundreds of hidden vulnerabilities in the Qualcomm-owned and vendors’ code. The truth is that almost all DSP executable libraries embedded in Qualcomm-based smartphones are vulnerable to attacks due to issues in the Hexagon SDK,” Checkpoint says.

Checkpoint also found they could use the flaw for escalation of privileges attack that can allow any hacker to gain control of the victim’s smartphone.

“Qualcomm aDSP and cDSP subsystems are very promising areas for security research,” Makkaveev said. “The DSP is accessible for invocations from third-party Android applications. The DSP processes personal information such as video and voice data that passes through the device’s sensors. As we have proven, there are many security issues in the DSP components,” Makkaveev stated.

Checkpoint informed about the bugs to Qualcomm between February and March. Patches developed by Qualcomm in July and released to the smartphone makers. But July and August Google Android Security Bulletins reveal patches haven’t been yet been pushed to handsets. Makkaveev says that this is the reason they have not disclosed the details of the vulnerability or published the PoC.

Qualcomm gave a rather vague comment to Checkpoint’s demonstration. “Providing technologies that support robust security and privacy is a priority for Qualcomm. Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.” – Qualcomm Spokesperson.


About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Notify of
Inline Feedbacks
View all comments