More than a billion Android users at risk from 'Achilles' vulnerability that turns phones into spying devices
More than a billion users of Android devices are at risk of hackers taking over their phones and rendering them unusable – or turning them into spying tools.
Security researchers at Check Point analysed popular Qualcomm chips used in up to 40% of smartphones and found 400 serious vulnerabilities in the code.
If exploited, the vulnerabilities could allow hackers access to private information such as photos and emails, or allow them to render devices unusable.
Hackers could also use malware to render their attacks completely invisible to device owners, the researchers warned.
The Qualcomm ‘System On A Chips’ are found in popular smartphones from companies including Google, Samsung, Xiaomi, LG and OnePlus, Check Point said.
The firm said that it had notified Qualcomm of the vulnerabilities, but had not disclosed details in order to protect the public.
Yaniv Balmas, head of cyber research at Check Point, said: “You can be spied on. You can lose all your data.
“If such vulnerabilities are found and used by malicious actors, it will find millions of mobile phone users with almost no way to protect themselves for a very long time.”
In a blog post, the company wrote: “More than 400 vulnerable pieces of code were found within the DSP chip we tested, and these vulnerabilities could have the following impact on users of phones with the affected chip.
“Attackers can turn the phone into a perfect spying tool, without any user interaction required. The information that can be exfiltrated from the phone includes photos, videos, call-recording, real-time microphone data, GPS and location data.
“Attackers may be able to render the mobile phone constantly unresponsive – making all the information stored on this phone permanently unavailable – including photos, videos, contact details, etc. In other words, a targeted denial-of-service attack.
“Malware and other malicious code can completely hide their activities and become un-removable.”