Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday August 10 2020, @07:02AM   Printer-friendly
from the Oh-Snap[dragon]! dept.

Snapdragon chip flaws put >1 billion Android phones at risk of data theft:

Snapdragon is what’s known as a system on a chip that provides a host of components, such as a CPU and a graphics processor. One of the functions, known as digital signal processing, or DSP, tackles a variety of tasks, including charging abilities and video, audio, augmented reality, and other multimedia functions. Phone makers can also use DSPs to run dedicated apps that enable custom features.

“While DSP chips provide a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features—they do come with a cost,” researchers from security firm Check Point wrote in a brief report of the vulnerabilities they discovered.

[...] Qualcomm has released a fix for the flaws, but so far it hasn’t been incorporated into the Android OS or any Android device that uses Snapdragon, Check Point said. When I asked when Google might add the Qualcomm patches, a company spokesman said to check with Qualcomm. The chipmaker didn’t respond to an email asking.

Check Point is withholding technical details about the vulnerabilities and how they can be exploited until fixes make their way into end-user devices. Check Point has dubbed the vulnerabilities Achilles. The more than 400 distinct bugs are tracked as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by etherscythe on Tuesday August 11 2020, @04:57PM (2 children)

    by etherscythe (937) on Tuesday August 11 2020, @04:57PM (#1035011) Journal

    OK. But can it run my banking app? Sure, I can buy a random Chinese-made IoT thing with a screen and run it for awhile, but does it do the real things I want an Android for in the first place?

    Otherwise I'll just put Sailfish back on my Sony XA2. (I'm actually about to do this when I get my next phone)

    --
    "Fake News: anything reported outside of my own personally chosen echo chamber"
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by knarf on Wednesday August 12 2020, @11:31AM (1 child)

    by knarf (2042) on Wednesday August 12 2020, @11:31AM (#1035480)

    I guess you can run your banking app, I know for sure I can run the Swedish "BankID" app. The phone passes Google's SafetyNet (using Magisk to hide root etc). I'd say give it a try on the device on which you're about to put Sailfish, if it works and your next phone is supported by something like LineageOS (i.e. make sure to get a device which has strong developer support) you can put Sailfish on the old device and Lineage on the new one. Nae lairds, nae kings, nae Apple, nae Google, we're free men!

    • (Score: 2) by etherscythe on Thursday August 13 2020, @09:22PM

      by etherscythe (937) on Thursday August 13 2020, @09:22PM (#1036314) Journal

      Oh, Magisck is working now? Seemed dead to me, never got it to pass SafetyNet. I'll have to play with it again.

      --
      "Fake News: anything reported outside of my own personally chosen echo chamber"