Hackers Exploit Zero-day Vulnerability in Qualcomm Chips to Target Android Users
In early October, Qualcomm confirmed that hackers had exploited a zero-day vulnerability in dozens of its chipsets found in popular Android devices. This discovery poses a serious security threat to millions of users worldwide.
What is a Zero-day Vulnerability?
A zero-day vulnerability is a security flaw that is unknown to the hardware or software manufacturer at the time it is being exploited by attackers. In this case, the vulnerability has been officially designated as CVE-2024-43047.
Who is Behind the Attacks?
According to Qualcomm, there are "indications" from Google's Threat Analysis Group (TAG), Google's research unit investigating government hacking threats, that the vulnerability "may be under limited, targeted exploitation." Amnesty International's Security Lab, which works to protect civil society from digital surveillance and spyware threats, confirmed Google's assessment.
Which Devices are Affected?
Qualcomm has listed 64 different chipsets affected by this vulnerability, including the flagship Snapdragon 8 (Gen 1) mobile platform, as well as:
- FastConnect series (6700, 6800, 6900, 7800)
- Multiple QCA models (6174A, 6391, 6426, 6436, etc.)
- Various Snapdragon platforms (660, 865 5G, 680 4G, 685 4G, 888, etc.)
- Several modem-RF systems including Snapdragon X55 5G
The Snapdragon 8 (Gen 1) platform is used in dozens of Android phones, including:
- Motorola: Moto Edge 30 Pro
- Samsung: Galaxy S22, Galaxy S22+, Galaxy S22 Ultra
- OnePlus: 10 Pro
- Oppo: Find X5 Pro
- Xiaomi: 12, 12 Pro
- ZTE: Axon 40 Ultra
This means millions of users worldwide are potentially affected.
How Serious is the Threat?
Google and Amnesty International are both investigating this zero-day, and its use is described as "limited, targeted exploitation." That suggests the hacking campaign was likely aimed at specific individuals rather than a large number of targets. However, the number of potentially affected devices makes this threat very serious.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Qualcomm vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This further demonstrates the severity of the situation.
What are Experts Doing About It?
Qualcomm spokesperson Catherine Baker stated: "We commend the researchers from Google Project Zero and Amnesty International Security Lab for using responsible disclosure practices." That disclosure allowed the company to develop patches for this vulnerability.
Qualcomm announced that "fixes have been made available to our customers as of September 2024." It is now up to Qualcomm's customers - Android device manufacturers using the affected chipsets - to release the patch for their customers' devices.
What Does This Mean for Users?
If you own an Android device that uses one of the affected Qualcomm chipsets, you should:
- Regularly check for software updates
- Install any available security updates as soon as possible
- Exercise caution when using your device, particularly when opening links or downloading apps from unknown sources
What are the Broader Implications?
This situation highlights several important issues:
- Importance of supply chain security: The vulnerability in Qualcomm chipsets affects many different device manufacturers, showing how a flaw in one component can have far-reaching consequences.
- Need for rapid response: The time between vulnerability discovery and patch deployment is critical. Companies must be able to respond quickly to such threats.
- Value of security research: The work of teams like Google TAG and Amnesty International Security Lab is essential for detecting and mitigating advanced threats.
- Ongoing zero-day threat: This situation is a reminder that even the most advanced security systems can contain unknown vulnerabilities that attackers can exploit.
What's Next?
The discovery of the zero-day vulnerability in Qualcomm chipsets serves as a serious reminder of ongoing cybersecurity threats. While manufacturers and security experts work to mitigate this threat, end users play a crucial role in protecting their devices and data.
Additionally, this situation highlights the Android fragmentation problem. Fragmentation refers to the wide variety of Android versions in use and of hardware that Android runs on, which makes security updates harder to roll out across all devices. While some manufacturers, like Google and Samsung, quickly release security updates, others may delay updates or not provide them for older models at all. This inconsistency leaves many Android users vulnerable to threats, even when patches are available. Therefore, it's important to choose devices from manufacturers known for regular security updates and to consider replacing older devices that no longer receive support.
Please check the referenced articles and security bulletins for more detailed technical information and the latest updates regarding this situation.