Qualcomm Confirms Cyberattack on Android Phones with Its Chipsets
Oct. 10, 2024From your Android smartphone’s battery suddenly running out quickly to spotting new apps that you don’t remember installing, how many times have you gotten paranoid about your device being hacked? Turning your worst nightmares into reality, Qualcomm today opened up about a zero-day vulnerability in its chipsets, which has now been patched, that made Android smartphones prone to a cyberattack.
Turns out, the exploitable vulnerabilityaffects a wide range of Qualcomm’s mid-range and flagship chipsets, modems as well as FastConnect modules. In itssecurity bulletin, Qualcomm has listed the chipsets and the vulnerability levels, ranging from medium to critical.
The security flaw was discovered by researchers over at the Google Threat Analysis Group and Amnesty International Security Lab, now confirmed by Qualcomm.
Some of the popular flagship chipsets listed in this bulletin are theSnapdragon 8 Gen 1, 8+ Gen 1, 8 Gen 2, 8+ Gen 2, and 8 Gen 3. Even the Snapdragon X65 5G modem that iPhone 14 models use as well as the Snapdragon X75 5G that the latest iPhone 16 use are at risk.
Even older Qualcomm chipsets like theSnapdragon 662, 680, 695, 765, 865+, 888, and 888+are also affected by the vulnerability. From the looks of it, neither entry-level nor flagship-grade Qualcomm-using Android phones are safe.
Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.
The suggested course of action listed on America’s Cyber Defence Agency’s website is to,“apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.”Moreover, Qualcomm stated that ithas shared the patch addressing this vulnerability with OEMsand alerted them to roll it out to users as soon as possible.
Now, although iPhones are using Qualcomm’s affected 5G modems, it’s unclear whether they are at risk too. Moreover, it was mostly individuals affected by said vulnerability in hacking campaigns. The motive behind exploiting this vulnerability in Android phones is also unclear. Hopefully, more concrete details about the affected users will surface online in the coming days.
For now, all you can do is hope that you get the zero-day vulnerability patch from your phone maker at the earliest. With cyberattacks increasing at an unprecedented scale globally, companies need to buckle up and conduct active audits of their security systems to detect such vulnerabilities. What do you think about the entire debacle of Qualcomm’s chipset vulnerability? Drop your thoughts in the comments down below.
Sagnik is a tech aficionado who can never say “no” to dipping his toes into unknown waters of tech or reviewing the latest gadgets. He is also a hardcore gamer, having played everything from Snake Xenzia to Dead Space Remake.
