Qualcomm offered a few sparse details about a security exploit hackers could have used on a multitude of phones and tablets from major device makers. The issue has been patched, but we still don’t have a good idea what the exploit targeted or who could have been impacted.
Earlier this week, Qualcomm offered details about a previous zero-day bug, CVE-2024-43047, found in several of the chipmaker’s older, high-end mobile CPUs. This exploit potentially impacted a wide range of 64 chips, including the Snapdragon 888+ and Snapdragon 8 Gen 1—a top-end processor from 2021 that was used in phones like the Samsung Galaxy S22, the OnePlus 10 Pro, and Motorola Edge 30 Pro, to name a few. The full list of potentially impacted chips is available on Qualcomm’s security explainer page.
If you want to know if your phone was potentially targeted by hackers, you’ll need to compare your chip to the full list. To find your CPU on your Android phone, go to Settings, then hit System, and tap on the tab that says About phone or About device. You should see the CPU listed under Processor.
Qualcomm specified that the bug was “under limited, targeted exploitation,” which seems to suggest that the exploit wasn’t widespread and was only used in a handful of cases. Still, that doesn’t make it any less concerning. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted the Qualcomm chips “contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.” However, the agency said it is currently unknown whether that exploit was used in modern ransomware campaigns.
Qualcomm said it already sent out the patch to OEMs last month with a “strong recommendation” for companies to deploy the update ASAP. As first reported by TechCrunch, Google Threat Analysis Group and Amnesty International Security Lab discovered the vulnerability. Amnesty International told TechCrunch it would release more information about the exploit “soon.”
The exploit may have impacted millions of phones across the U.S. and the rest of the world. Those Qualcomm chips can also be found in Xiamoi, Realme, Vivo, and ZTE phones. The only thing left to do is wait to see how these phones could have been exploited.
+ There are no comments
Add yours