DEF CON: 400+ vulnerabilities in Qualcomm SoCs

teezeh · August 7, 2020, 8:47am

Qualcomm acknowledged the vulnerabilities and released warnings about the flaws. The issues remain security risks unless phone manufacturers also push updates out to customers.

“We worked diligently to validate the issue and make appropriate mitigations available” to phone makers, Qualcomm said in a statement, adding that the company didn’t have any evidence that the problem was now being exploited by hackers. “We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” Qualcomm said.

Quite a bummer.

Roboe · August 7, 2020, 2:26pm

Makkaveev looked at the Qualcomm Snapdragon chip, which is in more than 40 percent of Android devices, and found more than 400 vulnerabilities.

I don’t understand… Qualcomm Snapdragon is a suite of SoCs, not a single “chip”. Which one or ones are affected?

teezeh · August 9, 2020, 9:16am

Seems to affect the overall architecture of the Snapdragon DSPs. But I have to correct myself: The findings were unveiled at DEF CON, not Black Hat.

Roboe · August 9, 2020, 10:14am

Ahhh, that’s a little more concise, thanks. Quite a bummer to find security holes in a SDK used for quite a large number of firmware for SoCs, indeed. One more reason to fight for an open firmware technology (if we really needed more, that’s it).

erotavlas · August 11, 2020, 9:59am

One more reason to move away from qualcomm toward more open choice as allwinner and freescale and hopefully to open hardware architecture as RISC-V in the future.

teezeh · August 11, 2020, 3:53pm

RISC-V is a) academic and b) by no means energy-efficient in a way that might suit mobile phones. Also, it is just a CPU and not a System-on-Chip (SoC). Forget it, sorry.

erotavlas · August 13, 2020, 6:39am

This is not true. RISC-V is not an academic research project any more. There already some SoC projects that use RISC-V ISA and even high end CPU and low power CPU for IoT. RISC-V is the future of CPU/SoC as GNU/Linux is the present of OS.

Stefan · August 13, 2020, 6:59am

Funny, just found out that they have a meetup group in Vienna:

erotavlas · December 6, 2020, 9:07am

Great new: Micro Magic RISC-V Core Claims to Beat Apple M1 and Arm Cortex-A9

system · June 6, 2021, 9:07pm

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.