English

DEF CON: 400+ vulnerabilities in Qualcomm SoCs

Qualcomm acknowledged the vulnerabilities and released warnings about the flaws. The issues remain security risks unless phone manufacturers also push updates out to customers.

“We worked diligently to validate the issue and make appropriate mitigations available” to phone makers, Qualcomm said in a statement, adding that the company didn’t have any evidence that the problem was now being exploited by hackers. “We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” Qualcomm said.

Quite a bummer.

5 Likes

Makkaveev looked at the Qualcomm Snapdragon chip, which is in more than 40 percent of Android devices, and found more than 400 vulnerabilities.

I don’t understand… Qualcomm Snapdragon is a suite of SoCs, not a single “chip”. Which one or ones are affected?

3 Likes

Seems to affect the overall architecture of the Snapdragon DSPs. But I have to correct myself: The findings were unveiled at DEF CON, not Black Hat.

1 Like

Ahhh, that’s a little more concise, thanks. Quite a bummer to find security holes in a SDK used for quite a large number of firmware for SoCs, indeed. One more reason to fight for an open firmware technology (if we really needed more, that’s it).

1 Like

One more reason to move away from qualcomm toward more open choice as allwinner and freescale and hopefully to open hardware architecture as RISC-V in the future.

1 Like

RISC-V is a) academic and b) by no means energy-efficient in a way that might suit mobile phones. Also, it is just a CPU and not a System-on-Chip (SoC). Forget it, sorry.

This is not true. RISC-V is not an academic research project any more. There already some SoC projects that use RISC-V ISA and even high end CPU and low power CPU for IoT. RISC-V is the future of CPU/SoC as GNU/Linux is the present of OS.

2 Likes

Funny, just found out that they have a meetup group in Vienna: :smile: