These days you use your smartphone to do your job more than ever before. You might be as careful as one can be, but what if your phone is inherently vulnerable to exploits you are not aware of?
In research dubbed “Achilles,” the Check Point Research team has found over 400 vulnerabilities in one of Qualcomm Technologies’ most-used DSP chips. A chip embedded into over 40% of the mobile phone market, including high-end phones from Google, Samsung, LG, Xiaomi, OnePlus, and more. The vulnerabilities found might allow a malicious actor to enable seemingly-innocent mobile apps, downloaded from official app stores, to run malicious code on the device’s chipset. Consequently, your phone can turn into a spying tool, completely crash, or get infected with hidden and un-removable malware.
Check Point disclosed these findings with Qualcomm, who acknowledged them, notified the relevant device vendors and assigned them with the following CVE’s: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.
SandBlast Mobile is the only solution that can defend against this threat. Keep your executives’ phones secure and your corporate data protected.
Check out this video to learn more about these vulnerabilities and how SandBlast Mobile by Check Point defends against them:
What’s the Risk?
The vulnerabilities could have the following impact on users of phones with the affected chip:
Attackers can turn the phone into a perfect spying tool, without any user interaction required– The information that can be exfiltrated from the phone including photos, videos, call-recording, real-time microphone data, GPS and location data, etc.
Attackers may be able to render the mobile phone constantly unresponsive – Making all the information stored on this phone permanently unavailable – including photos, videos, contact details, etc – in other words, a targeted denial-of-service attack.
Malware and other malicious code can completely hide their activities and become un-removable.
These days, while working from home, employees are increasingly using their mobile devices to access corporate assets and perform critical tasks. An employee device that is affected by the Achilles vulnerabilities can pose a risk to the entire organization. Once an attacker compromises the device, he or she can gain access to sensitive business data stored on the work email or any other corporate application.
How can you protect your mobile workforce?
To date, SandBlast Mobile by Check Point is the only Mobile Threat Defense (MTD) solution able to protect mobile devices used to access corporate data in your organization from the “Achilles” vulnerability. SandBlast mobile secures potentially vulnerable devices and makes sure they are not exposed to various device-level exploits and vulnerabilities, including “Achilles”.
The market-leading MTD solution, SandBlast Mobile keeps your corporate data safe by securing employees’ mobile devices across all attack vectors: apps, network and OS.
Designed to reduce admins’ overhead and increase user adoption, it perfectly fits into your existing mobile environment, deploys and scales quickly, and protects devices without impacting user experience nor privacy.
Source : https://blog.checkpoint.com/2020/12/04/40-of-the-worlds-mobile-devices-are-inherently-vulnerable-is-your-corporate-data-at-risk/