Qualcomm’s New Security Flaw Threatens Android Smartphones

Qualcomm’s New Security Flaw

When it comes to cyber security, there’s no bigger target than mobile devices. After all, it’s the most accessible and, thus, the most used device in the world. During the early months of lockdown, experts from the Computer Emergency Response Team of India (CERT-In) even released an advisory on how mobile devices should be protected at all times. This was in response to the “surge” of malware targeting smartphones.

CERT-In’s warnings are more relevant now that researchers have discovered a new opening present in most Android devices: the Achilles Heel.

What is the Achilles Heel?

Achilles Heel, much like in the story, refers to a vulnerability in Android phones that hackers can use as a backdoor.

The Qualcomm Snapdragon chip is the GPU incorporated in over 40% of modern Android phones, such as Samsung, Xiaomi, and Motorola. It’s the fastest mobile GPU to date, enabling newer smartphones to display better graphics (like 4K video streaming) for less power.
However, this chip has also opened up these devices to more than 400 vulnerabilities.

For example, malicious entities could create an app that can bypass the usual device security checkpoints and steal their user’s information, including photos, text messages, and location. It can even be used to record calls or turn on the device’s camera and microphone. More alarmingly, there’s also a flaw that allows them to hide all the mentioned vulnerabilities from the device.

Qualcomm has acknowledged this and assured Android users in an interview last August that they’re working with smartphone manufacturers to “make appropriate mitigations available.” And while these vulnerabilities are there, Qualcomm also mentions that there’s “[no] evidence that the problem was now being exploited by hackers.”

How to protect your Android phone

Despite Qualcomm’s assurance, it’s still better to be safe than sorry. For example, when we access a page or app for the first time, we have the tendency to click “remember me” so we can easily log into them in the future. Unfortunately, cyber security experts from HP warn that these expose password fields to potential vulnerabilities. It’s better to use password managers or biometrics, like fingerprint and selfies, to lock your accounts.

Additionally, since much of the Qualcomm Snapdragon chip’s vulnerabilities are only exploitable when malware enters your smartphone, it’s best to only install apps from trusted locations like Google Play Store. It’s also encouraged to check your phone for security updates, too, so it always has the latest protection available. Ideally, you should be seeing if there’s a new patch every week.

Qualcomm and the future of cyber security

A backdoor through a processor is an entirely new field in cyber security, which is why we barely have the resources to defend ourselves from it. In hindsight, it’s fortunate that Qualcomm and its partners were able to discover this weakness. This way, they can find a solution for it now before it becomes a major threat.

Android phones aren’t the only ones in danger, however. Security flaws in Apple devices have also made their appearance in recent months. That’s why it’s all the more important to stay up to date on the latest in mobile news to ensure that you keep your data and devices protected.