Qualcomm (Photo: Qualcomm)
American semiconductor manufacturer Qualcomm has confirmed that some of its chips have security vulnerabilities that have been exploited by hackers. In an announcement published on October 7, Qualcomm stated that Google Threat Analysis Group indicated a security vulnerability, identified as CVE-2024-43047, “may be under limited, targeted exploitation.”
The company has listed a total of 64 affected chips, including mobile System-on-chips (SoCs), modems, and FastConnect connectivity modules. Notable chips mentioned include the Snapdragon 8 Gen 1 flagship SoC, Snapdragon 888+, Snapdragon 660, and Snapdragon 680. This suggests that devices powered by these chips, including smartphones from brands like Samsung, OnePlus, Xiaomi, Oppo, and Motorola, may be vulnerable to a security breach. Qualcomm also listed the Snapdragon X55 5G modem, which is used in Apple’s iPhone 12 series, among the affected chipsets.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also listed the vulnerability, attributing it to “memory corruption in DSP (Digital Service Provider) Services.”
In a statement to TechCrunch, Qualcomm spokesperson Catherine Baker said, “Fixes have been made available to our customers as of September 2024,” and it is now up to original equipment manufacturers (OEMs) and device makers to release a security patch for users. She also commended “the researchers from Google Project Zero and Amnesty International Security Lab for using coordinated disclosure practices,” which enabled Qualcomm to address the vulnerability.
Amnesty International spokesperson Hajira Maryam told TechCrunch that the organisation’s research on this vulnerability “will be released soon.”
First Published: Oct 11 2024 | 4:03 PM IST
