Qualcomm acknowledged this week that hackers exploited a zero-day bug. This vulnerability was unknown to the manufacturer at the time it was exploited. The breach was discovered in dozens of chipsets used in millions of Android smartphones around the world.
The San Diego company also said a patch was sent to OEMs last month and called the attack a “limited and targeted exploit.”
The vulnerability affected 64 Qualcomm chips. These include the Snapdragon 8 Gen 1 SoC used in flagship devices such as the Samsung Galaxy S22 Ultra, OnePlus 10 Pro, Sony Xperia 1 IV, Oppo Find X5 Pro, Honor Magic4 Pro, and Xiaomi 12. This list also includes Snapdragon modems and FastConnect modules used for Bluetooth and Wi-Fi connectivity.
A company spokesperson said Qualcomm has already distributed the patch, but it’s up to smartphone manufacturers to decide whether to release it to customers. Amnesty International’s Security Lab confirmed the Google Threat Analysis Group’s assessment that the problem is serious.
An Amnesty International spokesperson said a comprehensive investigation into who was at fault and who may have exploited the vulnerability “will be published shortly”. Investigations by organizations such as Google and Amnesty International mean the hacking campaign may have targeted specific individuals rather than large groups of users.
via
