Hackers Exploited Vulnerability in Qualcomm Chips, Potentially Putting Samsung Galaxy Phones at Risk
A heads-up on that security snafu
Let's chat about a recent security issue that could've potentially thrown a wrench in the works for a bunch of popular smartphones and tablets. Qualcomm's come clean about it, but we're still up in the air about the specifics such as what was targeted and who might've been at risk.
Fast forward to this week, and Qualcomm spilled the beans about a zero-day bug, CVE-2024-43047, lurking in some of its older high-end mobile CPUs. This bug could've affected a whopping 64 chips, such as the popular Snapdragon 888+ and Snapdragon 8 Gen 1, a 2021 top-tier processor found in devices like the Samsung Galaxy S22, OnePlus 10 Pro, and Motorola Edge 30 Pro. To check if your device is on the naughty list, pop over to the chipmaker's security explainer page and compare your chip.
To find your CPU on your Android device, navigate to Settings, then System, followed by the tab labeled 'About phone' or 'About device'. You'll find your CPU listed under Processor.
Qualcomm specified that the bug was only under limited, targeted exploitation, hinting that the bug wasn't rampant and was likely used in a select few cases. Still, that doesn't make it any less worrisome. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted that these Qualcomm chips harbored a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory. However, the agency doesn't know whether this exploit was leveraged in ransomware operations.
Qualcomm already sent out the patch to OEMs last month, with a strong nudge for firms to apply the update ASAP. As first disclosed by TechCrunch, Google Threat Analysis Group and Amnesty International Security Lab were the ones who unearthed the vulnerability. Amnesty International promises to share more info on the exploit soon.
There's a possibility that millions of phones across the globe, including Xiaomi, Realme, Vivo, and ZTE devices, could've been in the line of fire. The bottom line? It's a waiting game to see the tricks these bad actors might've deployed.
- The security concern affects Qualcomm chips including the Snapdragon 888+ and 8 Gen 1, found in devices like the Samsung Galaxy S22, OnePlus 10 Pro, and Motorola Edge 30 Pro.
- The exploited zero-day bug, CVE-2024-43047, was under limited, targeted exploitation, potentially used in select cases.
- To determine if a device is affected, users can find the CPU in their Android device's settings, under the 'about phone' or 'about device' tab.
- Amnesty International Security Lab, in collaboration with Google Threat Analysis Group, discovered the vulnerability, but more information on the exploit is yet to be shared.