More Than Billion Android Phones at Risk From Security Gap in CPUs
Vulnerabilities found in Qualcomm processors are putting more than one billion Android devices at risk.
Qualcomm's mobile processors have always been considered to be the best in terms of performance. They have also been known for their security and regular delivery of updates to Android phones. There are many indications that this may change with the latest reports. More than 400 potential vulnerabilities have been discovered in various Snapdragon chipsets, which can threaten up to a billion devices based on this SoC.
The vulnerabilities can be used to install malicious applications without the user's consent and knowledge on devices equipped with the US company's processor. Unauthorized persons can therefore access virtually all information - from user's current location, through personal data, to eavesdropping through the microphone. The nature of these vulnerabilities allows malicious code to be hidden from the operating system, making it impossible to remove unwanted software.
Qualcomm was notified of the situation by Check Point. Of course, no full documentation of errors found in the processors was provided, so as not to make the criminals' job easier.
We don't know how the situation will develop, because we have known for a long time that most Android phones and tablets get updates for a year, up to a maximum of two after their release, and in extreme cases they receive almost no updates at all. The introduction of the "patch" eliminating vulnerability to attack is therefore very unlikely due to the number of devices and the multitude of versions of the operating system. Qualcomm, in a comment for Ars Technica, said that "there is no evidence yet that the vulnerability has been discovered and exploited". However, the company recommends installing applications only from reliable sources - such as the Google Play store.
It is worth remembering that the Google app store is not completely safe either, as in the past it has been a place where malicious apps were installed by millions of users. In all this confusion, we can also see how comfortable the situation is for users of even older iOS phones, which receive new system updated for many years, and when the support is over, they get security patches, which we will probably not see in at least 40% of the billion of vulnerable smartphones with Qualcomm processors.