Security has become one of the most important concerns for the modern user, and manufacturers are responding by promising extended support; brands like Google or Samsung already promise between 6 and 7 years of security updates, which allow you to continue using your mobile phone with complete peace of mind. And now that promise will be put to the test by a serious vulnerability confirmed by Qualcomm.
The security flaw was initially discovered by a researcher in Google’s Threat Analysis Group, an independent team dedicated to finding errors in all types of applications and services; however, this time the vulnerability does not affect “software”, but rather “hardware”, specifically the Qualcomm Snapdragon family of processors.
The manufacturer itself confirmed it shortly after, listing no fewer than 64 affected chips, including some of the most widely used processors in the Android mobile sector, like the Snapdragon 888 or Snapdragon 660; even the newest models are not spared, and the latest high-end model launched by the company so far, the Snapdragon 8 Gen 3, is also affected. As if that were not enough, the problem is also found in chips designed for other devices, such as the FastConnect 6700 used in embedded platforms or the X55 modem used in some iPhone models.
The security flaw is of a type known as Use-After-Free (UAF), which occurs when a program continues to use a region of memory after freeing it.
The vulnerability affecting Snapdragon chips is a “zero-day”; this means that the bug was not known to Qualcomm and, even worse, has already been used by hackers. As confirmed by Amnesty International, the vulnerability was exploited to “attack specific individuals”, rather than in a widespread attack against as many users as possible; this indicates that it could have been used to access the cell phones of important figures, whether political leaders, journalists or espionage targets, but at the moment it is unclear who these targets were.
However, now that this vulnerability is known, it is only a matter of time before it begins to be widely used by all types of hackers. The good news is that Qualcomm has already released a patch, now available to mobile manufacturers, along with a “strong recommendation to release the update as soon as possible”; the bad news is that the user is now dependent on these companies to ship the update as quickly as possible. In many cases, especially with older models, it is very possible that phones that are no longer supported will not receive any type of update and will remain vulnerable.