Qualcomm has acknowledged that several of its chips are vulnerable to security breaches. On 7 October 2024, the firm made a statement acknowledging that several of its devices, including the flagship Snapdragon 8 Gen 1 SoC, are possibly vulnerable to exploitation. Google's Threat Analysis Group recognised this vulnerability as CVE-2024-43047, meaning that it ‘may be under limited, targeted exploitation.’ Smartphones from top brands such as Samsung, OnePlus, Xiaomi, Oppo and Motorola are among those affected, as is Apple's iPhone 12 series.
The security weakness was discovered in a wide range of Qualcomm processors, including mobile System-on-Chip (SoCs), modems and FastConnect networking modules. Qualcomm identified 64 vulnerable chips, including popular versions such as the Snapdragon 8 Gen 1, Snapdragon 888+, Snapdragon 660 and Snapdragon 680 SoCs. Devices powered by these chips may be vulnerable to unauthorised access, potentially resulting in data breaches or other criminal acts.
The inclusion of Qualcomm's Snapdragon X55 5G modem, which is utilised in Apple's iPhone 12 series, is especially troubling. This shows the vast reach of the vulnerability, which affects not only Android smartphones but also some iPhones. Qualcomm has acknowledged the problem and is currently studying potential exploits, however they have stated that the vulnerability is under ‘limited, targeted exploitation.’
Qualcomm has not yet provided precise information about how hackers have exploited this vulnerability or how prevalent the problem is. However, the corporation has urged users and device manufacturers to remain careful. Qualcomm is creating software patches to remedy the issue and urges impacted device manufacturers to implement them as soon as they become available.
Qualcomm was originally made aware of the vulnerability by Google's Threat Analysis Group, which is well-known for discovering and tackling serious cybersecurity risks. As the situation progresses, Qualcomm is likely to release updates and security patches to limit the possible impact of this vulnerability on impacted devices. Users are encouraged to rapidly update their devices and security software to prevent hazards.
