Critical flaw affects 64 Qualcomm chips, including Snapdragon 8 Gen 1

It was recently revealed that a critical security flaw affected 64 Qualcomm processorsincluding the popular Snapdragon 8 Gen 1used in several high-end smartphones from 3 years ago.

This zero-day vulnerability, considered extremely serious in the field of cybersecurity, requires immediate action due to its potential to cause significant damage. In the next paragraphs I bring more details about this story.

Also read
Rumor: Qualcomm is interested in buying part of Intel
Snapdragon 8 Gen 4: Qualcomm chip surpasses Apple A17 Pro and approaches the M3

Popular chips were affected by the zero-day flaw

A Qualcomman American semiconductor giant, confirmed the existence of the flaw this week, but assured that it has already sent a correction to companies manufacturing devices that use the affected chips.

The seriousness of the situation is evidenced by the fact that among the vulnerable models are some of the company’s most advanced and widely used processors, such as the Snapdragon 8 Gen 1 and the Snapdragon 888.

The Snapdragon 8 Gen 1 in particular is of great concern as it is the heart of many high-end smartphones released between 2021 and 2022. Popular devices like the Galaxy S22 line from Samsung and the Xiaomi 12 are among those potentially affected. The Snapdragon 888, although less common in the Brazilian market, equips models such as the Motorola Edge 30 Fusion and some versions of Asus ROG Phone 5s.

The vulnerability is not just limited to smartphones. The Snapdragon 8cx Gen 3, a Qualcomm platform intended for notebooks launched in 2021, is also on the list of compromised chips. This expands the scope of the threat beyond the mobile ecosystem, potentially reaching a wider range of computing devices.

Security patches have already been distributed

Although Qualcomm did not provide specific details about the nature of the attacks, the discovery of the flaw was credited to Qualcomm’s Threat Analysis Group. Google and the Amnesty International Security Laboratory. The lack of detailed information raises suspicions that the vulnerability may be related to some type of unauthorized surveillance of users.

An intriguing aspect of the situation is that, despite the Google and Amnesty International report pointing out that Android devices were the main targets, the flaw also affects the Snapdragon X55 5G modem, used by Apple on the iPhone 12 line. This demonstrates that the vulnerability transcends the boundaries of operating systems, potentially affecting iOS users as well.

Qualcomm emphasized that it already distributed security patches to partner companies last month, highlighting the urgency with which the company addressed the issue. However, it remains to be seen how long it will take for these fixes to actually reach end-user devices, as they depend on implementation by smartphone and other device manufacturers.

What is a zero-day failure?

A zero-day flaw is a type of security vulnerability in software or hardware that is unknown to the manufacturer or developer of the product. The term “zero day” refers to the fact that developers have zero days to fix the issue before it is potentially exploited by attackers.

These vulnerabilities are particularly dangerous for several reasons:

• Ignorance: As the flaw is unknown to the developers, there are no patches or fixes immediately available.
• Exploration window: Attackers could exploit the vulnerability before a solution is developed and implemented.
• High non-black market value: Information about zero-day failures is often sold for high prices on the cyber black market.
• Difficulty of detection: Because they are unknown, zero-day flaws are difficult to detect by conventional security systems.
• Potential for significant harm: Depending on the nature of the vulnerability, attackers could gain unauthorized access to systems, steal sensitive data, or compromise the integrity of devices and entire networks.

In the case of the flaw discovered in Qualcomm processors, the situation is particularly worrying due to the wide distribution of these chips in various mobile and computing devices.

For end users, the best protection against zero-days is to keep your devices up to date with the latest security patches and to be cautious when interacting with content or applications from unknown sources.