Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

Raevenlord · Aug 10, 2020

Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.

View at TechPowerUp Main Site

AsRock · Aug 10, 2020

Surprise, no not really.

Rahnak · Aug 10, 2020

Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?

xman2007 · Aug 10, 2020

Rahnak said:
Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?

Any with the DSP I would assume? I have a Huawei with a Kirin processor so only open to the chinese and google stealing my data :rockout:

Frick · Aug 10, 2020

Rahnak said:
Big oof. Any list of affected models? Or should we just assume all of them are vulnerable?

Yes.

trparky · Aug 10, 2020

Raevenlord said:
only install apps via trusted locations such as the Play Store.

Too bad that bad apps always end up in the Play Store only to have them removed months later after thousands of people have downloaded them all because of Google's lack of a good app approval process.

Hemmingstamp · Aug 10, 2020

xman2007 said:
Any with the DSP I would assume? I have a Huawei with a Kirin processor so only open to ~~the chinese and~~ google stealing my data

We've all been vicitim to them in one way or another, either by mobile OS or desktop searching.

trparky said:
Too bad that bad apps always end up in the Play Store only to have them removed months later after thousands of people have downloaded them all because of Google's lack of a good app approval process.

This is nothing new. FOSS seems more favourable these days.

trparky · Aug 10, 2020

Hemmingstamp said:
FOSS seems more favourable these days.

I don't blame FOSS at all, I blame Google. Their app approval process just sucks. And don't tell me that Google can't afford to deploy a better and more thorough approval process because I'd call BS. They can afford to do so; I just don't think they want to.

Hemmingstamp · Aug 10, 2020

trparky said:
I don't blame FOSS at all, I blame Google. Their app approval process just sucks. And don't tell me that Google can't afford to deploy a better and more thorough approval process because I'd call BS. They can afford to do so; I just don't think they want to.

Google never listen to customers, from gripes about their email service, to their business services, to their faulty apps.
I gave up on them years ago.

$ReaPeR$ · Aug 10, 2020

I'm not surprised but I didn't expect it to be this bad..

bug · Aug 10, 2020

$ReaPeR$ said:
I'm not surprised but I didn't expect it to be this bad..

Don't worry about it. It's probably way worse, but security researchers can't look at everything all the time.
Now it's a good time to see which vendors actually care to update devices they dropped support for.

defaultluser · Aug 10, 2020

What about Pixel phones? Don't the non-A models bypass these issues with their own DSP chip?

Caring1 · Aug 10, 2020

What about Routers and home automation with DSP chips?

Qualcomm opens up on its Hexagon DSP - Embedded.com

Qualcomm will open up its Hexagon DSP core to third-party programmers and may even license the block for others to use. It showed details of the part for

www.embedded.com

DSP Group teams with Qualcomm on home automation solution - Globes

en.globes.co.il

bug · Aug 10, 2020

Caring1 said:
What about Routers and home automation with DSP chips?

Qualcomm opens up on its Hexagon DSP - Embedded.com

Qualcomm will open up its Hexagon DSP core to third-party programmers and may even license the block for others to use. It showed details of the part for

www.embedded.com

DSP Group teams with Qualcomm on home automation solution - Globes

en.globes.co.il

I'm guessing a router or a home automation device is somewhat less likely to download and play maliciously crafted videos and such.
Plus it's not like current home automation devices have a track record of being secure.

Steevo · Aug 11, 2020

"ARM is faster"

So was Intel until they had to patch the unsecured flaws that would allow similar exploits.

Paganstomp · Aug 11, 2020

R-T-B · Aug 11, 2020

Qualcomm is the big fish in the phone pond. It's Intel for phone security research. Expect more.

SamWarrick · Aug 11, 2020

Geee I wonder if any of these vulnerabilities are intentional. They seem to be awfully useful for surveillance.

R-T-B · Aug 11, 2020

SamWarrick said:
Geee I wonder if any of these vulnerabilities are intentional. They seem to be awfully useful for surveillance.

Data leaks are by nature some of the easiest vulnerabilities to spot. It's not really a huge logic leap to expect them to be found first.

But more to the point, it wouldn't surprise me if the NSA or whatever was already aware of these. What would surprise me is if they were intentionally engineered. It doesn't really work like that.

Hemmingstamp · Aug 11, 2020

R-T-B said:
What would surprise me is if they were intentionally engineered. It doesn't really work like that.

So how does it work? I'm all ears.

Wshlist · Aug 11, 2020

Hemmingstamp said:
So how does it work? I'm all ears.

Me too. Please enlighten us.
Maybe you can forward your reply to Snowden too, I'm sure he'll be interested also.

Also arguing that the data leaks would be noticed first when Quallcom say that the flaw is not in use so far are a bit contradictory don't you think?
And you do know that they have rubber stamp secret court orders locking down release of any crap the US spooks pull right? And that it was already pretty damn bad before Trump..
And that it has been proven and confirmed that big companies are all too glad pulling stuff themselves and working along with government agencies.

R-T-B · Aug 11, 2020

Hemmingstamp said:
So how does it work? I'm all ears.

Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.

Wshlist said:
Maybe you can forward your reply to Snowden too, I'm sure he'll be interested also.

Snowden is famous (mainly with people who do not work actual security analysis, mind), but not as technically able as most believe. He just had access to some good docs that were very interesting and don't get me wrong, I think he should be treated as a whistleblower, but that's beside the point. His claims following the initial report have also been somewhat questionable at times.

That, and he doesn't really communicate outside of twitter these days, so no can do.

Wshlist said:
Also arguing that the data leaks would be noticed first when Quallcom say that the flaw is not in use so far are a bit contradictory don't you think?

I'm arguing that researchers can look at these vulnerabilities and tell you based on how they work whether they are manmade or accidental. Stack overflows, as a primitive example, are almost never intentional.

Wshlist said:
And you do know that they have rubber stamp secret court orders locking down release of any crap the US spooks pull right? And that it was already pretty damn bad before Trump..

I'm well aware, but thanks for educating me.

ThrashZone · Aug 11, 2020

Hi,
Wonder how MS will fix this :-)

bug · Aug 11, 2020

R-T-B said:
Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.

I believe this is like you can tell Covid was not lab engineered: if it was, it would look like Frankenstein's creature of the viruses world. Same with engineered loopholes.

Hemmingstamp · Aug 11, 2020

R-T-B said:
Intentionally engineered backdoors are very obviously different than ones that are left via bugs. You'd really have to work the field to understand the difference. Keep in mind I do this for a living, and am a security researcher myself. I mainly work on the Intel Management engine, but it's all the same ball of cheese.

Has to be the best brush off I've ever had, but anything is possible to collect data I guess.

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

Processor	AMD 3900X \ AMD 7700X
Motherboard	ASRock AM4 X570 Pro 4 \ ASUS X670Xe TUF
Cooling	D15
Memory	Patriot 2x16GB PVS432G320C6K \ G.Skill Flare X5 F5-6000J3238F 2x16GB
Video Card(s)	eVga GTX1060 SSC \ XFX RX 6950XT RX-695XATBD9
Storage	Sammy 860, MX500, Sabrent Rocket 4 Sammy Evo 980 \ 1xSabrent Rocket 4+, Sammy 2x990 Pro
Display(s)	Samsung 1080P \ LG 43UN700
Case	Fractal Design Pop Air 2x140mm fans from Torrent \ Fractal Design Torrent 2 SilverStone FHP141x2
Audio Device(s)	Yamaha RX-V677 \ Yamaha CX-830+Yamaha MX-630 \Paradigm 7se MKII, Paradigm 5SE MK1 , Blue Yeti
Power Supply	Seasonic Prime TX-750 \ Corsair RM1000X Shift
Mouse	Steelseries Sensei wireless \ Steelseries Sensei wireless
Keyboard	Logitech K120 \ Wooting Two HE
Benchmark Scores	Meh benchmarks.

System Name	Blackbox
Processor	AMD Ryzen 7 3700X
Motherboard	Asus TUF B550-Plus WiFi
Cooling	Scythe Fuma 2
Memory	2x8GB DDR4 G.Skill FlareX 3200Mhz CL16
Video Card(s)	MSI RTX 3060 Ti Gaming Z
Storage	Kingston KC3000 1TB + WD SN550 1TB + Samsung 860 QVO 1TB
Display(s)	LG 27GP850-B
Case	Lian Li O11 Air Mini
Audio Device(s)	Logitech Z200
Power Supply	Seasonic Focus+ Gold 750W
Mouse	Logitech G305
Keyboard	MasterKeys Pro S White (MX Brown)
Software	Windows 10
Benchmark Scores	It plays games.

Processor	Ryzen 1600AF @4.2Ghz 1.35v
Motherboard	MSI B450M PRO-A-MAX
Cooling	Deepcool Gammaxx L120t
Memory	16GB Team Group Dark Pro Sammy-B-die 3400mhz 14.15.14.30-1.4v
Video Card(s)	XFX RX 5600 XT THICC II PRO
Storage	240GB Brave eagle SSD/ 2TB Seagate Barracuda
Display(s)	Dell SE2719HR
Case	MSI Mag Vampiric 011C AMD Ryzen Edition
Power Supply	EVGA 600W 80+
Software	Windows 10 Pro

System Name	Black MC in Tokyo
Processor	Ryzen 5 7600
Motherboard	MSI X670E Gaming Plus Wifi
Cooling	Be Quiet! Pure Rock 2
Memory	2 x 16GB Corsair Vengeance @ 6000Mhz
Video Card(s)	XFX 6950XT Speedster MERC 319
Storage	Kingston KC3000 1TB \| WD Black SN750 2TB \|WD Blue 1TB x 2 \| Toshiba P300 2TB \| Seagate Expansion 8TB
Display(s)	Samsung U32J590U 4K + BenQ GL2450HT 1080p
Case	Fractal Design Define R4
Audio Device(s)	Plantronics 5220, Nektar SE61 keyboard
Power Supply	Corsair RM850x v3
Mouse	Logitech G602
Keyboard	Dell SK3205
Software	Windows 10 Pro
Benchmark Scores	Rimworld 4K ready!

Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking

Raevenlord

News Editor

AsRock

TPU addict

Rahnak

xman2007

Frick

Fishfaced Nincompoop

trparky

Hemmingstamp

trparky

Hemmingstamp

$ReaPeR$

bug

defaultluser

Caring1

Qualcomm opens up on its Hexagon DSP - Embedded.com

DSP Group teams with Qualcomm on home automation solution - Globes

bug

Qualcomm opens up on its Hexagon DSP - Embedded.com

DSP Group teams with Qualcomm on home automation solution - Globes

Steevo

Paganstomp

R-T-B

SamWarrick

R-T-B

Hemmingstamp

Wshlist

R-T-B

ThrashZone

bug

Hemmingstamp

System Name	My Ryzen 7 7700X Super Computer
Processor	AMD Ryzen 7 7700X
Motherboard	Gigabyte B650 Aorus Elite AX
Cooling	DeepCool AK620 with Arctic Silver 5
Memory	2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s)	XFX AMD Radeon RX 7900 GRE
Storage	Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s)	Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case	Lian Li LANCOOL II MESH C
Audio Device(s)	On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply	MSI A850GF
Mouse	Logitech M705
Keyboard	Steelseries
Software	Windows 11 Pro 64-bit
Benchmark Scores	https://valid.x86.fr/liwjs3

System Name	Ryzen/Laptop/htpc
Processor	R9 3900X/i7 6700HQ/i7 2600
Motherboard	AsRock X470 Taichi/Acer/ Gigabyte H77M
Cooling	Corsair H115i pro with 2 Noctua NF-A14 chromax/OEM/Noctua NH-L12i
Memory	G.Skill Trident Z 32GB @3200/16GB DDR4 2666 HyperX impact/24GB
Video Card(s)	TUL Red Dragon Vega 56/Intel HD 530 - GTX 950m/ 970 GTX
Storage	970pro NVMe 512GB,Samsung 860evo 1TB, 3x4TB WD gold/Transcend 830s, 1TB Toshiba/Adata 256GB + 1TB WD
Display(s)	Philips FTV 32 inch + Dell 2407WFP-HC/OEM/Sony KDL-42W828B
Case	Phanteks Enthoo Luxe/Acer Barebone/Enermax
Audio Device(s)	SoundBlasterX AE-5 (Dell A525)(HyperX Cloud Alpha)/mojo/soundblaster xfi gamer
Power Supply	Seasonic focus+ 850 platinum (SSR-850PX)/165 Watt power brick/Enermax 650W
Mouse	G502 Hero/M705 Marathon/G305 Hero Lightspeed
Keyboard	G19/oem/Steelseries Apex 300
Software	Win10 pro 64bit

Processor	Intel i5-12600k
Motherboard	Asus H670 TUF
Cooling	Arctic Freezer 34
Memory	2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s)	EVGA GTX 1060 SC
Storage	500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s)	Dell U3219Q + HP ZR24w
Case	Raijintek Thetis
Audio Device(s)	Audioquest Dragonfly Red :D
Power Supply	Seasonic 620W M12
Mouse	Logitech G502 Proteus Core
Keyboard	G.Skill KM780R
Software	Arch Linux + Win10

System Name	H7 Flow 2024
Processor	AMD 5800X3D
Motherboard	Asus X570 Tough Gaming
Cooling	Custom liquid
Memory	32 GB DDR4
Video Card(s)	Intel ARC A750
Storage	Crucial P5 Plus 2TB.
Display(s)	AOC 24" Freesync 1m.s. 75Hz
Mouse	Lenovo
Keyboard	Eweadn Mechanical
Software	W11 Pro 64 bit

System Name	Compy 386
Processor	7800X3D
Motherboard	Asus
Cooling	Air for now.....
Memory	64 GB DDR5 6400Mhz
Video Card(s)	7900XTX 310 Merc
Storage	Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s)	55" Samsung 4K HDR
Audio Device(s)	ATI HDMI
Mouse	Logitech MX518
Keyboard	Razer
Software	A lot.
Benchmark Scores	Its fast. Enough.

System Name	The Final Straw - Part II
Processor	Ryzen 5 4500
Motherboard	ASRock B550 Phantom Gaming 4/ac
Cooling	Arctic Liquid Freezer II 120
Memory	G.Skill 16GB DDR4 3200 F4-3200C16D-16GVKB
Video Card(s)	EVGA GTX 1660 Super SC Ultra 6GB GDDR6
Storage	Crucial 1TB P3 NVMe + WD 2TB Black SN850X NVME + PNY 2TB CS900 SATA
Display(s)	Acer VG270U P 2k
Case	Fractal Design Meshify C
Audio Device(s)	HDMI / SPDIF
Power Supply	ASRock Challenger CL-850G
Mouse	Logitech M510
Keyboard	Logitech K270
VR HMD	Why?
Software	Windows 10 / 11
Benchmark Scores	Currently N/A

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK)
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64, other office machines run Windows 11 Enterprise

System Name	Ghetto Rigs z490\|x99\|Acer 17 Nitro 7840hs/ 5600c40-2x16/ 4060/ 1tb acer stock m.2/ 4tb sn850x
Processor	10900k w/Optimus Foundation \| 5930k w/Black Noctua D15
Motherboard	z490 Maximus XII Apex \| x99 Sabertooth
Cooling	oCool D5 res-combo/280 GTX/ Optimus Foundation/ gpu water block \| Blk D15
Memory	Trident-Z Royal 4000c16 2x16gb \| Trident-Z 3200c14 4x8gb
Video Card(s)	Titan Xp-water \| evga 980ti gaming-w/ air
Storage	970evo+500gb & sn850x 4tb \| 860 pro 256gb \| Acer m.2 1tb/ sn850x 4tb\| Many2.5" sata's ssd 3.5hdd's
Display(s)	1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
Case	D450 \| Cherry Entertainment center on Test bench
Audio Device(s)	Built in Realtek x2 with 2-Insignia 2.0 sound bars & 1-LG sound bar
Power Supply	EVGA 1000P2 with APC AX1500 \| 850P2 with CyberPower-GX1325U
Mouse	Redragon 901 Perdition x3
Keyboard	G710+x3
Software	Win-7 pro x3 and win-10 & 11pro x3
Benchmark Scores	Are in the benchmark section