August 7, 2016
Hackers could have accessed everything from encrypted corporate email to online banking apps using vulnerabilities recently found to affect Qualcomm chips in up to 900m Android smartphones and tablets.
Checkpoint, an Israeli cyber security company that found four flaws in the chips, said cyber criminals could encourage users to download a malicious app and escalate its privileges so it can see everything on the device.
Michael Shaulov, head of products, mobile and cloud security at Checkpoint, said by accessing the memory of the phone, hackers could peer into encrypted apps to see WhatsApp messages or email or note down banking passwords as they are typed in.
“Everything is copied to the hackers,” he said, on the edge of the cyber security conference Def Con where Checkpoint presented its research on Sunday.
Qualcomm is the leading maker of chips for advanced smartphones, with 65 per cent of the global market for 4G/LTE in 2015, according to data from ABI Research. Checkpoint said devices using Qualcomm chipsets include the Google Nexus 5X, 6 and 6P, HTC One M9 and HTC 10 and the Samsung Galaxy S7 and S7 Edge.
Checkpoint informed both Qualcomm and Google, which develops the Android operating system, of the vulnerabilities.