Qualcomm acknowledged the vulnerabilities and released warnings about the flaws. The issues remain security risks unless phone manufacturers also push updates out to customers.

“We worked diligently to validate the issue and make appropriate mitigations available” to phone makers, Qualcomm said in a statement, adding that the company didn’t have any evidence that the problem was now being exploited by hackers. “We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” Qualcomm said.

Quite a bummer.

Makkaveev looked at the Qualcomm Snapdragon chip, which is in more than 40 percent of Android devices, and found more than 400 vulnerabilities.

I don’t understand… Qualcomm Snapdragon is a suite of SoCs, not a single “chip”. Which one or ones are affected?

Seems to affect the overall architecture of the Snapdragon DSPs. But I have to correct myself: The findings were unveiled at DEF CON, not Black Hat.

Ahhh, that’s a little more concise, thanks. Quite a bummer to find security holes in a SDK used for quite a large number of firmware for SoCs, indeed. One more reason to fight for an open firmware technology (if we really needed more, that’s it).

One more reason to move away from qualcomm toward more open choice as allwinner and freescale and hopefully to open hardware architecture as RISC-V in the future.

RISC-V is a) academic and b) by no means energy-efficient in a way that might suit mobile phones. Also, it is just a CPU and not a System-on-Chip (SoC). Forget it, sorry.

This is not true. RISC-V is not an academic research project any more. There already some SoC projects that use RISC-V ISA and even high end CPU and low power CPU for IoT. RISC-V is the future of CPU/SoC as GNU/Linux is the present of OS.

Funny, just found out that they have a meetup group in Vienna:

grafik1263×500 193 KB