• Home
  • Mobiles
  • Mobiles News
  • Qualcomm Patches Critical Security Flaw That Affects 46 Chipsets, but Millions of Devices Still Vulnerable

Qualcomm Patches Critical Security Flaw That Affects 46 Chipsets, but Millions of Devices Still Vulnerable

Qualcomm Patches Critical Security Flaw That Affects 46 Chipsets, but Millions of Devices Still Vulnerable

Qualcomm has issued firmware patches earlier this month, but millions of devices are still vulnerable

  • Qualcomm's chipsets had a security vulnerability which has been patched
  • 46 Qualcomm chipsets were affected due to the security flaw
  • Android April 2019 security update includes a fix for the flaw

Qualcomm chipsets are used in a wide range of smartphones, tablets, and other devices. The company's chipsets power millions of devices across the world. But even the most powerful chipsets can be prone to flaws. A new vulnerability has been discovered in Qualcomm's chipsets that could allow an attacker to gain root access on the device. The flaw affects 46 Qualcomm chipsets which are currently used in several smartphones, tablets, laptops, and smartwatches.

The security bug (CVE-2018-11976) can enable an attacker to gain access to private data and even encryption keys stored in the Qualcomm Secure Execution Environment (QSEE). Qualcomm has patched the flaw earlier this month, tagging it as 'critical'.

The flaw was first discovered in March last year by Keegan Ryan, a security researcher with NCC Group, as reported by ZDNet. Ryan has also published a white paper, explaining the flaw. He claims he was able to grab private security keys using a rooted Nexus 5X smartphone.

Google has added the fix as a part of its April 2019 security patches, but Android manufacturers are known to be lazy about pushing security patches to its consumers. This means a large number of Android devices using these Qualcomm chipsets are still prone to the security vulnerability.

The Qualcomm Security Executive Environment (QSEE) offers a safe environment to process critical data including private encryption keys and passwords. Only the app that stored the data in QSEE can access it, preventing malicious apps from accessing the sensitive data.

QSEE was created to prevent anyone from gaining complete access to a device, but the latest security flaw defeats that purpose entirely. To exploit the vulnerability, an attacker needs root access on a device which isn't quite impossible.

The flaw affects popular Qualcomm chips used on smartphones such as: Snapdragon 200 series, Snapdragon 400 series, Snapdragon 625, Snapdragon 660, Snapdragon 670, Snapdragon 710, Snapdragon 820, Snapdragon 835, and Snapdragon 845. Qualcomm has listed all the affected chipsets in its security bulletin.

Ryan said he has notified Qualcomm about the flaw last year. Earlier this month, Qualcomm had patched the vulnerability and it's now up to device manufacturers to quickly deploy Google's Android April 2019 security update.

In case you own a device that uses any of these 46 affected Qualcomm chips, make sure you upgrade to the Android April 2019 security patch as soon as it's made available by your phone's manufacturer.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Qualcomm, Snapdragon, Android
Harpreet is the community manager at Gadgets 360. He loves all things tech, and can be found hunting for good deals when he is not shopping online. He has written about deals and e-commerce in India for many years, as well as covering social media and breaking technology news. More
Facebook Sues New Zealand Company to Thwart Fake Likes
The Best Movies on Netflix in India

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment




© Copyright Red Pixels Ventures Limited 2022. All rights reserved.
Listen to the latest songs, only on JioSaavn.com