cross-posted from: https://infosec.pub/post/18563178

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. […]

  • ReversalHatchery@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    how and when is the DSP used, though?

    and what kind of code can take advantage of this? apps? javascript in browser apps? or a non-app system process with a specific privilege?

    • limerod@reddthat.comM
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 month ago

      DSP (Digital Signal Processor) is used anywhere where a digital signal is processed like audio, video, etc. When you play your favourite media its played by your processor’s DSP instead of your CPU saving battery. Speech recognition is another area where DSP is used for this.

      Nowadays, it does more than just play media. Including doing AI tasks on a NPU(Neural Processing Unit) like Object recognition, running LLM(Large Language Models) to generate pictures, suggest frequently used apps, etc.

      and what kind of code can take advantage of this? apps? javascript in browser apps? or a non-app system process with a specific privilege?

      As for code anything that processes signals can be accelerated by it.

      User code does not get privileged access to it. JavaScript is sanboxed but system processes in chrome and firefox can use it for media playback.

      For accelerated AI tasks on the NPU. It depends if the app developer leverage the specific neural SDK for Qualcomm, mediatek. Or use NNAPI API, or LiteRT

      It’s standard on most smartphones like the CPU, GPU. If you want you can ask perplexity.ai for specific info in it.

      I have given a short summary. But, there’s lot more you can read if interested.