Unfixed vulnerabilities in Qualcomm Snapdragon chips affect millions of Android phones

A recently published report by specialists from an exploit development training points to the presence of multiple vulnerabilities in smartphones with Snapdragon processor installed. According to the reports, exploiting these flaws could put users at critical risks. In total, the researchers reported finding at least 40 security flaws, one of which was considered serious. 

This flaw lies in the Hexagon Software Development Kit (SDK), present in Snapdragon processors. Affected versions are 2.0, 3.0, 3.1, 3.2, 3.3.2, 3.3.3, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1, and 3.5.2.

Esta imagen tiene un atributo ALT vacío; su nombre de archivo es snapdragonbody.jpg

Dubbed “Achilles”, this flaw could be present on millions of Android devices around the world, mentioned specialists in the exploit development training. Check Point researchers, in charge of the find, did not reveal too many details of the flaw, although they claim that the consequences of exploitation are severe, as threat actors could record user calls, install malware remotely, and even completely disable an affected device.

In their report, exploit development training specialists stated that the affected device manufacturers do not have the ability to resolve these flaws themselves, so vulnerabilities must be addressed by the chip manufacturer.

Soon after, Qualcomm acknowledged the existence of these flaws, announcing that the solutions would be launched shortly. The technology company also assured users and manufacturers that no attempts to exploit these failures or the existence of any exploit related to the attack have been detected.

Although the vulnerabilities have not been exploited, it is important that manufacturers and users around the world are aware of these failures, as around 40% of mobile devices worldwide have a Snapdragon processor, including smartphones from companies such as LG, Samsung or Xiaomi.

This is a sign of the importance of releasing regular security updates, as most exploitable vulnerabilities depend on the abuse of some non fixed features on the affected systems. Although Qualcomm continuously provides support for its products, the occurrence of safety flaws can overcome this practice with ease.