Craig discusses the flaw in the Snapdragon chip architecture and how has put 1 Billion Android devices at risk.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine-Generated Transcript:
[00:00:00] Craig Peterson: As if I needed another reason to tell you not to buy Android, we’ve got a very big one right now. Stick around. Here we go.
Hey everybody. Thanks for sticking around. Of course, this is Craig Peterson on WGAN online. Craig peterson.com/subscribe. I really appreciate everybody being with us today. There is always a lot of news to understand and know, and it’s confusing. Hey, I get it a lot of people get very confused, trying to figure out what’s what, and particularly when I start getting into the reasons you should not be using these VPN services that are constantly being sold to you, in various.
[00:01:00] Places online and elsewhere. that’s what I’m here for. I go through the articles every week and of course there are probably tens of thousands of them, but I always look at a thousand or more. I look at these things every day and try and find the top ones for the week. The things I think you might be interested in, but most particularly the things I think you need to know, and I put them together.
And then I’ll send some of that out to the radio stations that I’m on to talk about what it is, what’s going on, all of that sort of thing. I enjoy doing this obviously, and I enjoy helping you out, but there’s only one way that you can get these things directly. If you want to follow along on the radio show, You need to go to Craig Peterson.com/subscribe.
We had a record number of subscribers last week, new subscribers to our weekly newsletter. You get all of that. Plus new subscribers. Get a plethora of some of my special reports. So they come over, every couple of days after you sign up. I really am trying to help everybody out here. So make sure you are on that list.
[00:02:00] Craig peterson.com/subscribe. I’ve been teasing something here. That’s very concerning to me. If much about most of these smart devices nowadays, they are all more or less based around what’s called an arm architecture. By the way, there is some crazy stuff happening in China right now, because this arm architecture is owned by a US company.
I think it’s actually called arm inc. This is an architecture that use to design an implant, the central processing unit of many computers, including Apple iPhones, et cetera. That’s very important stuff. Now Apple took the designs and what we in the industry called forked it so that they had their own version and they left the main line stuff.
[00:03:00] Behind, but many other companies have continued to license it and get there the core really of the CPU, that core stuff from the arm group. Now, Qualcomm is one of those companies that uses it. There are many others and China has been licensing this technology, various Chinese firms. Again. From the U S arm inc.
From now you remember, and we’ll talk about this in a few minutes or the segment. I think it is a Tik Tok and we chat and this escalation with president Trump. We’ll talk about what my feelings on that are. The problem is that China will no longer have the right to manufacture factor these chips based on the arm technology.
[00:04:00] So that’s a huge blow to China, frankly. I don’t know that they’ll be able to recover from this, I guess what could happen? Is China could say, forget about it. we’re not going to follow those intellectual property laws. We already know they don’t follow a lot of the intellectual property laws.
They don’t seem to care. so just keep making them, let them try and come after us nothing’s going to happen. so that might well happen. But this is going to be quite a poke in the eye for China. No question about it. Now, the chip that we’re talking and about here now is Qualcomm’s snap, dragon chip.
That’s what it’s called. There’s a billion or more Android devices that are using this chip that’s based on an industry standard, but using this Snapdragon chip, a billion or more. it turns out that there are more than 400 vulnerabilities known in Qualcomm Snapdragon chip that can turn the CPU in your Android device.
[00:05:00] Into a spine tool. Isn’t that absolutely amazing. Not all 400. We’ll let them do that, but there’s plenty that will, so they can exploit these in different ways. So the vulnerabilities can be exploited very easily. You might remember the whole thing with Jeff Bezos and his divorce and the Saudi Prince, supposedly sending the video.
these vulnerabilities in the Snapdragon chip, which may be what were used. I’m trying to remember if Bezos had an iPhone or not back then, but, these vulnerabilities can be exploited. By simply downloading a video or any other content, like a graphic, a steel frame, a graphic that’s embedded in an email.
[00:06:00] Any time there’s content that’s rendered by the Snapdragon chip, it can be exploited. The targets can also be attacked by installing malicious apps that require no permission from the Android device owner at all. Then from there, attackers can monitor locations, listened to. Listen to nearby audio in real time, they can take photos and videos off of your device.
They can upload them and it’s possible to render the phone completely unresponsive. If they want to. These infections can also be hidden from the operating system in such a way that it makes disinfecting it reloading the operating system. Pretty difficult, if possible at all. So we’ve got some bad news for you.
[00:07:00] If you’re running an Android, still get rid of it. I keep telling people and they don’t do it. I don’t know if they don’t believe me or what. so let’s dig into this a little bit more Snapchat again. Dragon is. A system on a chip. if you had some of the older PCs, you can think of the original IBM PC or the PCX T or the a T all the way on until just maybe 10 years ago, five years ago, even you open up a computer and you’d see in there a bunch of discreet.
Chips, you might see an Intel chip on that motherboard or maybe a power PC chip, if it was a Mac. Then there’d be a bunch of support chips nowadays. There’s GPS that are on that, motherboard or on that board anyways. Then you have you’re, you are to your serial ports and your parallel port. All of those were discrete.
[00:08:00] Processes or chips. Why fi everything? Snapdragon is a system on a chip that has basically all of that on one chip. It’s got a CPU, it’s got a graphics processor. It does Dignitas digital signal processing. It has charging abilities controlled by the main chip video audio, augmented reality, all of your multimedia functions.
Absolutely. Everything. With the di digital signal processor, that’s on the chip that allows apps to really that understand how to use that DSP, how to really speed things up. But unfortunately, it’s also created these 400 attack surfaces, just absolutely crazy. This is from security point from checkpoint.
They’ve been around a very long time. They have a rapport to these vulnerabilities. They’re being quoted here in ARS Technica saying, the DSP chips provide a relatively economical solution that allows mobile phones to provide the end users with more functionality and enable innovative features.
[00:09:00] They do come at a cost chips, introduced new attack surfaces, and we. Points to the mobile devices. DSP chips are much more vulnerable to risks as they are being managed as black boxes, since it can be very complex or anyone other than the manufacturer reviewed the design, the functionality or their code.
So call has a release out that is a fix for some of these flaws, but. It has not been included in the Android operating system or any Android device nears. Anyone can tell that uses the snap point, or Snapdragon, I should say. That’s according to checkpoint, there you go. Are sent, Nicole went in as Google when they’re going to include those Qualcomm patches.
[00:10:00] And the company spokesman said to check with Qualcomm and Qualcomm wouldn’t respond or didn’t respond. these are some serious CVS for those of you who are. More technical in the security side and the Qualcomm compute DSP vulnerability is absolutely crazy. Okay. Now they are saying, Qualcomm is saying that they have no evidence as being currently exploited, but I can think of a few cases where it really smells like maybe that’s what was exploited, make sure this is, common sense.
You only. Download apps from the Google play store. The official store never used an alternative store. Never route your phone, right? No jailbreak your phone because all of those things make you even more vulnerable. You keep asking Craig, Greg, Android’s fine. In fact, I got on the phone with. the gentleman who used to be the chief technology officer for the state of New Hampshire, did a lot of work for him, my company, over the years, setting up all of the stuff for the state.
[00:11:00] And, he assumed I had an Android phone. Cause you can play with it. You can take it apart. You can route it. You can do all of this stuff. No, I don’t. I had one way back one, but not since never since the biggest problem with Android. Is what was just disclosed here. Patches don’t make it out to the devices.
And this is more proof of that. Hey, you’re listening to Craig Peterson. Make sure you get all of this in your mailbox. Craig peterson.com/subscribe. We’re talking about President Trump. When we get back right here on WGAN and firstname.lastname@example.org.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: