Security experts have detected a serious vulnerability in millions of smartphones and tablets equipped with Qualcomm chips, including the famous Snapdragon. Update your device as soon as the patch is available!
A critical security flaw has been discovered in Android smartphones equipped with certain chips manufactured by Qualcomm. Known as CVE-2024-43047, this vulnerability affects millions of users around the world. It allowed hackers to exploit smartphones by targeting specific devices before the problem was identified. Qualcomm, which makes these chips, confirmed the threat and began rolling out patches to protect vulnerable devices.
This zero-day flaw, that is to say a vulnerability unknown to developers at the time of its exploitation, was first reported by Google Project Zero, a team of cybersecurity experts specializing in the search for critical flaws, and by Amnesty International Security Lab, which is dedicated to protecting digital rights and fighting surveillance. Their joint work revealed that the flaw had already been used by hackers in limited and targeted attacks. These hacking campaigns targeted specific individuals, but it remains unclear exactly who the targets were and for what purpose these attacks were carried out.
Qualcomm flaw: 64 chip models affected
As reported by the specialist site TechCrunch, this flaw affects 64 models of Qualcomm processors, including very widespread chips, such as the Snapdragon 8 Gen 1, used in several popular smartphones. Among the affected devices are models from well-known brands like Samsung, Xiaomi, OnePlus, Oppo, and Motorola. Flagship smartphones and tablets like the Xiaomi 12, the Samsung Galaxy Tab S8, the OnePlus 10 Pro and the Sony Xperia 1 IV, all released in 2022, are potentially vulnerable.
The vulnerability allows attackers to access the memory of infected devices, putting users at risk of data corruption or theft of personal information. However, the attacks appear to have been limited, according to experts at Google and Amnesty, suggesting that the hackers were targeting specific individuals rather than launching massive attacks.
Qualcomm flaw: a fix deployed gradually
Faced with the seriousness of the situation, Qualcomm reacted quickly. In a security bulletin published on October 7, 2024, the American company details the problems caused by the flaw. Above all, it indicates that it has started to deploy patches to correct this vulnerability. These patches have been sent to smartphone manufacturers, who use the vulnerable chips in their devices. It is now up to these manufacturers, which include Samsung, Xiaomi, OnePlus, and Motorola, to distribute security updates to their customers.
However, it may take time to deploy patches. Each smartphone manufacturer must adapt Qualcomm’s updates to its own devices before distributing them via software updates. This process may vary depending on brands and models. For example, some older phones may not receive the patch immediately, or even at all, if manufacturers decide to stop updating them.
It is therefore essential for affected users to regularly check the availability of software updates on their devices. Typically, Android smartphones are set to automatically install security updates, but some users may have disabled this option. If a security patch is available, it is strongly recommended to install it immediately to prevent future exploitation of the vulnerability.
Qualcomm flaw: international experts worried
The discovery of this vulnerability also mobilized several cybersecurity agencies around the world. In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) quickly added the flaw to its Known Exploited Vulnerabilities catalog. It advised Qualcomm and smartphone makers to put corrective measures in place by the end of October 2024. In France, CERT Santé, which monitors cybersecurity threats to health systems, also issued alerts regarding this flaw, highlighting the potential risks to data privacy, although these risks remain relatively low for the general public.
Although patches were quickly deployed, the issue will not be fully resolved until all vulnerable devices receive the security update. In addition, there remains uncertainty about the extent to which this flaw has been exploited. Investigations by Google and Amnesty International are still ongoing, and it cannot be ruled out that other attacks or attempts to exploit this flaw will take place before all devices are protected.