Qualcomm Confirms Security Vulnerabilities in Chips, Affecting Major Smartphone Brands
Qualcomm, the American semiconductor manufacturer, has acknowledged a significant security vulnerability in some of its chips, which hackers have reportedly exploited. On October 7, Qualcomm revealed that Google’s Threat Analysis Group identified the vulnerability, CVE-2024-43047, which may have been subjected to limited, targeted exploitation. Affected chips include popular models like Snapdragon 8 Gen 1, Snapdragon 888+, Snapdragon 660, and Snapdragon 680, impacting devices from top brands such as Samsung, OnePlus, Xiaomi, Oppo, and Motorola. The vulnerability also extends to the Snapdragon X55 5G modem used in Apple’s iPhone 12 series.
The vulnerability, attributed to “memory corruption in DSP (Digital Service Provider) Services,” has also been listed by the US Cybersecurity and Infrastructure Security Agency (CISA). Qualcomm has stated that fixes were made available to its customers in September 2024, and it is now up to original equipment manufacturers (OEMs) to issue security patches to affected devices. Qualcomm spokesperson Catherine Baker praised Google Project Zero and Amnesty International Security Lab for coordinating their research disclosure, allowing Qualcomm to address the issue promptly.
Amnesty International plans to release further research on this vulnerability soon. Meanwhile, Qualcomm’s announcement has raised concerns across the mobile industry, as users of affected devices wait for necessary security updates from OEMs to safeguard against potential breaches.
Pic Courtesy: google/ images are subject to copyright