Although many people don't know the hardware behind the so-called "digital signal processor" (DSP), fast charging, and noise reduction, security researchers have issued a major safety warning to Android device users.With the development of technology, this kind of single chip with a complete set of functions can help the device fully charged in a short time, or provide assistance for augmented reality games such as "fairy treasure dream go".
However, researchers at check point, a network security company, warn that hackers may abuse the chip's functionality because it already has a wide range of possibilities.
At the Defcon Conference on Friday, researcher Slava makkaveev is expected to demonstrate how to use such "gateway chips" to launch attacks to gain control of Android devices.
According to reports, the researchers in more than 40% of Android devices used in Qualcomm Cellon chip inspection, the results found more than 400 vulnerabilities.
Based on the large number of devices, hackers with ulterior motives or elaborate a malicious application that exploits these vulnerabilities to bypass the conventional security inspection measures and finally obtain sensitive data including photos, videos, location information, etc.
The vulnerability may also allow malicious applications to open device microphones, record calls, or even block or hide other malware on Android devices without people's knowledge.
Qualcomm has confirmed the existence of these vulnerabilities and issued corresponding security warnings. But unless the phone manufacturer immediately fixes the patch and pushes it to the end device users, the risk of such problems will remain.
We encourage end users to update patches as they become available, and to access content only from trusted sources, such as Google's official play store.
Although these special vulnerabilities have been blocked, the chip itself has become a new platform that can be exploited by attackers, and may even become the most lethal security weakness in the whole set of devices, the researchers at check point added.
Digital signal processor (DSP) has existed for a long time, but security researchers have not paid much attention to it. One of the obstacles is that the barriers to entry are very high.
In addition, the technical details on the chip are usually locked in by the manufacturers themselves. The big environment of building a car behind closed doors makes it difficult for security researchers to test the defects of DSP chips, which has caused some concerns in the industry.
Yaniv balmas, head of network research at check point, even suspects that there are still many loopholes in DSP chips that have not been found. Therefore, he calls for more people to join in the security research on the internal design and implementation methods of hardware.