Privacy Ninja

Nearly 50% Of All Smartphones Affected By Qualcomm Snapdragon Bugs

Several security vulnerabilities found in Qualcomm’s Snapdragon Digital Signal Processor (DSP) chip could allow attackers to take control of more than 40% of all smartphones without user interaction, spy on their users, and create un-removable malware capable of evading detection.

DSPs are system-on-chip units used for audio signal and digital image processing, and telecommunications, in consumer electronics including TVs and mobile devices.

Despite their complexity and the number of new features and capabilities DSP chips can add to any device, unfortunately, they also introduce new weak points and expand the devices’ attack surface.

Hundreds of millions of devices exposed to attacks

The vulnerable DSP chip “can be found in nearly every Android phone on the planet, including high-end phones from Google, Samsung, LG, Xiaomi, OnePlus, and more,” according to Check Point researchers who found these vulnerabilities.

Apple’s iPhone smartphone line is not affected by the security issues discovered and disclosed by Check Point in their report.

Check Point disclosed their findings to Qualcomm, who acknowledged them, notified device vendors, and assigned them the following six CVEs: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209.

According to Check Point, these vulnerabilities make it possible for:

• Attackers to turn the phone into a perfect spying tool, without any user interaction required. The information that can be exfiltrated from the phone includes photos, videos, call-recording, real-time microphone data, GPS and location data, etc.
• Attackers may be able to render the mobile phone constantly unresponsive, making all the information stored on this phone permanently unavailable, including photos, videos, contact details, etc. In other words, a targeted denial-of-service attack.
• Malware and other malicious code can completely hide their activities and become un-removable.

Qualcomm fixed the vulnerabilities, security updates incoming

Although Qualcomm has already patched the six security flaws found to affect the Qualcomm Snapdragon DSP chip, mobile vendors still have to implement and deliver security fixes to their devices’ users. Until then, the threat is still there, since the devices are still vulnerable to attacks.

Check Point researchers did not publish the technical details behind these vulnerabilities to allow mobile vendors to develop and deliver security updates to users to mitigate any possible risks.

“However, we decided to publish this blog to raise the awareness to these issues,” Check Point explained in a research report shared earlier with BleepingComputer.

“We have also updated relevant government officials, and relevant mobile vendors we have collaborated with on this research to assist them in making their handsets safer. The full research details were revealed to these stakeholders.”

Providing technologies that support robust security and privacy is a priority for Qualcomm. Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store. – Qualcomm spokesperson

“Although Qualcomm has fixed the issue, it’s sadly not the end of the story,” Head of Cyber Research at Check Point, Yaniv Balmas, said.

“Hundreds of millions of phones are exposed to this security risk. You can be spied on. You can lose all your data. If such vulnerabilities will be found and used by malicious actors, it will find millions of mobile phone users with almost no way to protect themselves for a very long time.”

The research behind these vulnerabilities will be presented by Check Point security researcher Slava Makkaveev tomorrow, at DEF CON 2020, during a presentation dubbed “Pwn2Own Qualcomm compute DSP for fun and profit.”

It is now up to the vendors, such as Google, Samsung, and Xiaomi, to integrate those patches into their entire phone lines, both in manufacturing and in the market. Our estimations are that it will take a while for all the vendors to integrate the patches into all their phones. Hence, we do not feel publishing the technical details with everyone is the responsible thing to do given the high risk of this falling into the wrong hands. For now, consumers must wait for the relevant vendors to also implement fixes.

Update: Added Qualcomm statement. 
