Qualcomm chips are usually preferred processors for many smartphone users, given the firm delivers powerful graphics hardware and development-friendly nature. However, it is not without security flaws itself, and the latest vulnerability found on some of the chips are significant.
The flaws were discovered by security researcher Keegan Ryan, reported by ZDNet, allowing cybercriminals to gain access to private data and security keys in a secure part of the chipset. This week, Ryan posted a white paper regarding the flaws, noting he was able to extract security keys from rooted Nexus 5X.
Meanwhile, Qualcomm noted the flaw as ‘critical’ and has confirmed to have patched the vulnerability. This is the highest security flaw Qualcomm has faced, the firm says ‘critical’ vulnerabilities could allow someone to remotely control a device.
According to Google Android Security Bulletin, the flaws have been fixed with the April 2019 security patch. However, many Android-based smartphone manufacturers have been known to have skimped the update, which might pose serious threats to the security and privacy of those smartphone users. Qualcomm has admitted that the flaw affects over 40 chipsets, including laptop, smartwatch, and automotive silicon.
Some of the more prominent smartphone affected by the vulnerability include the Snapdragon 200 series, Snapdragon 400 family (bar the Snapdragon 400 itself, it seems), Snapdragon 625, Snapdragon 636, Snapdragon 660, Snapdragon 670, Snapdragon 710/712, Snapdragon 820, Snapdragon 835, and Snapdragon 845. Qualcomm has posted the full list of chipsets affected by the flaw at its product security bulletin.
Users who have any of the aforementioned chips in their smartphones and have not received April Android security patch should nag their manufacturers as they are running a risk of exploitation. Google has taken steps in order to resolve the issue by mandating two years of security patches in contracts with manufacturers, however, many brands often fall behind in their timely delivery.
- WhatsApp Pay being tested in India, will debut soon: Mark Zuckerberg
- Xiaomi flips notch upside down on its smartphone patent design
- Apple iPad to get USB mouse support with iOS 13