Overclock.net banner

1 - 11 of 11 Posts

·
sudo apt install sl
Joined
·
7,314 Posts
Discussion Starter #1 (Edited)
Source: https://arstechnica.com/information-technology/2020/08/snapdragon-chip-flaws-put-1-billion-android-phones-at-risk-of-data-theft/

A billion or more Android devices are vulnerable to hacks that can turn them into spying tools by exploiting more than 400 vulnerabilities in Qualcomm’s Snapdragon chip, researchers reported this week.

The vulnerabilities can be exploited when a target downloads a video or other content that’s rendered by the chip. Targets can also be attacked by installing malicious apps that require no permissions at all.

From there, attackers can monitor locations and listen to nearby audio in real time and exfiltrate photos and videos. Exploits also make it possible to render the phone completely unresponsive. Infections can be hidden from the operating system in a way that makes disinfecting difficult.

Snapdragon is what’s known as a system on a chip that provides a host of components, such as a CPU and a graphics processor. One of the functions, known as digital signal processing, or DSP, tackles a variety of tasks, including charging abilities and video, audio, augmented reality, and other multimedia functions. Phone makers can also use DSPs to run dedicated apps that enable custom features.
Unlike all the Spectre vulnerabilities this one is actually concerning due to the poor support from Android device manufacturers. So glad Google is enforcing project treble for new devices that are shipping with Android 11.
 

·
Registered
Joined
·
3,651 Posts
The whole Mobile ecosystem is a joke.
Seems like the entire basis for security on Android is they expect users to destroy the phone after a year.
 

·
sudo apt install sl
Joined
·
7,314 Posts
Discussion Starter #3
The whole Mobile ecosystem is a joke.
Seems like the entire basis for security on Android is they expect users to destroy the phone after a year.
I'm an Android user but Apple's iOS devices have been getting 5-6 years of support lately. While other manufacturers aside from Google devices only get two years. Haven't followed OnePlus(their support might be longer)

Samsung announced three years of support for some devices this week when they announced their Note 20.
 

·
Registered
Joined
·
782 Posts
I'm an Android user but Apple's iOS devices have been getting 5-6 years of support lately. While other manufacturers aside from Google devices only get two years. Haven't followed OnePlus(their support might be longer)

Samsung announced three years of support for some devices this week when they announced their Note 20.
Samsung only did it because the pricing they are asking for this year's note devices is beyond ridiculous and they are trying to make up for it with an extra year of support, I've been using Note's for a while now (now on Note 9) and right now I'm thinking of giving the iPhone a shot.
 

·
LTSC for life crew
Joined
·
2,877 Posts
This has been a known threat for a while now, maybe close to a year or so. It was initially used on the Saudi Arabian prince mohammad bin salman's phone to grab a ton of his private info & private contacts. IIRC it was the subject on a news thread here on OCN. Anyways, all the attacker has to do is send a video clip with malicious software embedded via text message to begin the process of compromising a target's device. The target doesn't have to open the text on the device and can be completely unaware of what is even happening.

Remember when they used to say there were no Mac OS viruses or malware? Now there is. And for years it was said that there was no Linux malware either. And now that exists as well. Any technology with widespread adoption and lots of use is eventually going to have malicious code written for it.
 

·
AMD Acolyte
Joined
·
1,598 Posts
First Intel, now qualcomm. It's almost like near monopolies are bad, or something.
 

·
Registered
Joined
·
706 Posts
Yep, security researchers tend to turn their attention to looking for flaws on hardware that's installed in the most number of systems/devices where it has the most impact. I do appreciate that these researchers publicly expose these flaws so the relevant companies be made aware of them and can patch or mitigate the vulnerabilities and apply hardware fixes with new steppings or with the next generation architecture.

I do worry when for example, a CPU architecture like AMD's doesn't the receive the same level of scrutiny from security researchers likely because it doesn't have as big of an installed user base compared to the market leader, Intel. While AMD cpus may be a smaller target for malicious hackers, their market share is growing with the success of the Zen architecture. Any flaws that may go on unpatched might be discovered instead by hackers and eventually exploited in the wild with AMD only knowing about them when it's too late.
 

·
Vermin Supreme 2020
Joined
·
25,772 Posts
oh nooooo, 1 billion people should totally just all go buy new BRAND NEW phones.
 

·
LTSC for life crew
Joined
·
2,877 Posts
oh nooooo, 1 billion people should totally just all go buy new BRAND NEW phones.
That would be a heck of a way to drive new device sales numbers. "Sorry your old phone works fine but it's been compromised and it's not our fault so buy the newer model of the one just like yours to be secure again"
 

·
Premium Member
Joined
·
2,401 Posts
99% of the time Apple’s walled garden sucks but it’s times like this that I’m glad I have an IPhone. Thought about going back to Android but crap like this keeps happening I’ll likely stick with Apple
 
1 - 11 of 11 Posts
Top