An Exploit in Qualcomm Chips Let Hackers Potentially Access High-End Android Phones

Qualcomm offered a fewer sparse details astir a information exploit hackers could person utilized connected a multitude of phones and tablets from large instrumentality makers. The contented has been patched, but we inactive don’t person a bully thought what the exploit targeted oregon who could person been impacted.

Earlier this week, Qualcomm offered details astir a erstwhile zero-day bug, CVE-2024-43047, recovered successful respective of the chipmaker’s older, high-end mobile CPUs. This exploit perchance impacted a wide scope of 64 chips, including the Snapdragon 888+ and Snapdragon 8 Gen 1—a top-end processor from 2021 that was utilized successful phones similar the Samsung Galaxy S22, the OnePlus 10 Pro, and Motorola Edge 30 Pro, to sanction a few. The afloat database of perchance impacted chips is disposable connected Qualcomm’s security explainer page. 

If you privation to cognize if your telephone was perchance targeted by hackers, you’ll request to comparison your spot to the afloat list. To find your CPU connected your Android phone, spell to Settings, past hit System, and pat connected the tab that says About telephone or About device. You should spot the CPU listed nether Processor. 

Qualcomm specified that the bug was “under limited, targeted exploitation,” which seems to suggest that the exploit wasn’t wide and was lone utilized successful a fistful of cases. Still, that doesn’t marque it immoderate little concerning. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted the Qualcomm chips “contain a use-after-free vulnerability owed to representation corruption successful DSP Services portion maintaining representation maps of HLOS memory.” However, the bureau said it is presently chartless whether that exploit was utilized successful modern ransomware campaigns.

Qualcomm said it already sent retired the spot to OEMs past period with a “strong recommendation” for companies to deploy the update ASAP. As archetypal reported by TechCrunch, Google Threat Analysis Group and Amnesty International Security Lab discovered the vulnerability. Amnesty International told TechCrunch it would merchandise much accusation astir the exploit “soon.” 

The exploit whitethorn person impacted millions of phones crossed the U.S. and the remainder of the world. Those Qualcomm chips tin besides beryllium recovered successful Xiamoi, Realme, Vivo, and ZTE phones. The lone happening near to bash is hold to spot however these phones could person been exploited.