By Oleg Mogilevsky, Product Marketing Manager, Threat Prevention
These days you use your smartphone to do your job more than ever before. You might be as careful as one can be, but what if your phone is inherently vulnerable to exploits you are not aware of?
In research dubbed “Achilles,” the Check Point Research team has found over 400 vulnerabilities in one of Qualcomm Technologies’ most-used DSP chips. A chip embedded into over 40% of the mobile phone market, including high-end phones from Google, Samsung, LG, Xiaomi, OnePlus, and more. The vulnerabilities found might allow a malicious actor to enable seemingly-innocent mobile apps, downloaded from official app stores, to run malicious code on the device’s chipset. Consequently, your phone can turn into a spying tool, completely crash, or get infected with hidden and un-removable malware.
Check Point disclosed these findings with Qualcomm, who acknowledged them, notified the relevant device vendors and assigned them with the following CVE’s: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.
SandBlast Mobile is the only solution that can defend against this threat. Keep your executives’ phones secure and your corporate data protected. Sign up today and get 50 complimentary licenses for 90 days
Check out this video to learn more about these vulnerabilities and how SandBlast Mobile by Check Point defends against them:
What’s the Risk?
The vulnerabilities could have the following impact on users of phones with the affected chip:
- Attackers can turn the phone into a perfect spying tool, without any user interaction required– The information that can be exfiltrated from the phone including photos, videos, call-recording, real-time microphone data, GPS and location data, etc.
- Attackers may be able to render the mobile phone constantly unresponsive – Making all the information stored on this phone permanently unavailable – including photos, videos, contact details, etc – in other words, a targeted denial-of-service attack.
- Malware and other malicious code can completely hide their activities and become un-removable.
These days, while working from home, employees are increasingly using their mobile devices to access corporate assets and perform critical tasks. An employee device that is affected by the Achilles vulnerabilities can pose a risk to the entire organization. Once an attacker compromises the device, he or she can gain access to sensitive business data stored on the work email or any other corporate application.
How can you protect your mobile workforce?
To date, SandBlast Mobile by Check Point is the only Mobile Threat Defense (MTD) solution able to protect mobile devices used to access corporate data in your organization from the “Achilles” vulnerability. SandBlast mobile secures potentially vulnerable devices and makes sure they are not exposed to various device-level exploits and vulnerabilities, including “Achilles”.
The market-leading MTD solution, SandBlast Mobile keeps your corporate data safe by securing employees’ mobile devices across all attack vectors: apps, network and OS.
Designed to reduce admins’ overhead and increase user adoption, it perfectly fits into your existing mobile environment, deploys and scales quickly, and protects devices without impacting user experience nor privacy.
Sign up for SandBlast Mobile Special Offer
Check Point is committed to making technology and products around the world safer. To keep your employees’ and executives’ phones secure and your corporate data safe, start using SandBlast Mobile today.
In a proactive move, Check Point is offering organizations with more than 100 employees that could have been affected by these risks 50 free SandBlast Mobile licenses to protect and prevent any potential damage for the upcoming three months.
Sign up now and get your complimentary 50 licenses to protect your mobile workforce.
Still not convinced? Check out the SandBlast Mobile product tour to get a first-hand experience of all the features and capabilities of SandBlast Mobile.