Millions of Android phones are at risk due to an “Achilles” flaw in Qualcomm chips, which involves vulnerable code on almost half of all Android smartphones.
Researchers have found that Qualcomm’s Snapdragon chip, one of the most widely used processors in Android phones, has hundreds of bits of vulnerable code that leave millions of Android users at risk, according to a report by Gizmodo.
The report added that, as of last year, Qualcomm’s Snapdragon series of processors could be found in nearly 40 percent of all Android smartphones, including phones from Google, Samsung, Xiaomi, LG, and OnePlus.
The digital signal processor (DSP) in Qualcomm Snapdragon chips also had over 400 pieces of vulnerable code, according to researchers from Check Point, a cybersecurity firm.
Researchers added that the vulnerabilities, dubbed “Achilles,” can impact Android phones in three major ways.
Firstly, an attacker would be able to use someone’s Android phone as a spying tool after simply getting a person to install what appears to be a benign app, which would bypass typical security measures. From there, a hacker can access the phone’s photos, videos, GPS, and location data.
Secondly, an attacker might also be able to record calls and turn on the phone’s microphones without the owner knowing. The hacker could then also choose to render the smartphone completely unusable by locking all the data stored on it.
Researchers described this as a “targeted denial-of-service attack,” reports Gizmodo.
Thirdly, an attacker could also “exploit the vulnerabilities to hide malware in a way that would be unknown to the victim, and unremovable,” according to the report.
The report added that Check Point has since disclosed its findings to Qualcomm, government officials, and the affected vendors, and that Qualcomm has reportedly fixed the issue. That does not mean, however, that an Android phone is automatically safe.
“It’s up to phone makers to push the relevant security patches to their customer base, which could take some time,” reports Gizmodo.
In a statement to CNET, Qualcomm says that it has “worked diligently to validate the issue and make appropriate mitigations available” to phone makers, adding that the company does not have any evidence that points to the problem now being exploited by hackers.
“We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” added Qualcomm.