Four bugs in Qualcomm chips leaves over 900 million Android phones vulnerable to hackers
According to the team from Israel-based software and hardware giant Check Point, the bugs were uncovered at the software running on chipsets made by US firm Qualcomm, BBC reported on Monday.
Qualcomm processors are found in about 900 million Android phones, Check Point said, adding that there is no evidence of the vulnerabilities currently being used in attacks by cyber thieves.
“I am pretty sure you will see these vulnerabilities being used in the next three to four months,” Michael Shaulov, head of mobility product management at Checkpoint, was quoted as saying.
The flaws, which were found in software that handles graphics and in code that controls communication between different processes running inside a phone, were revealed after six months of work to reverse engineer Qualcomm’s code.
The attackers can exploit the bugs to gradually take control over a device and gain access to data. “It is always a race as to who finds the bug first, whether it is the good guys or the bad,” Shaulov added.
According to the report, Check Point handed information about the bugs and proof of concept code to Qualcomm earlier this year.
In response, Qualcomm is believed to have created patches for the bugs and started to use the fixed versions in its factories.
As a security measure, Android owners should download apps only from the official Google Play store.
According to Check Point, affected devices include: BlackBerry Priv and Dtek50, Blackphone 1 and Blackphone 2, Google Nexus 5X, Nexus 6 and Nexus 6P, HTC One, HTC M9 and HTC 10, LG G4, LG G5 and LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2 and OnePlus 3, US versions of the Samsung Galaxy S7 and Samsung S7 Edge and Sony Xperia Z Ultra.