Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Qualcomm. Show all posts
Zero Day
Amnesty International Android Google Qualcomm Vulnerabilities and Exploits Zero Day

Millions of Android Devices at Risk, New Chip Bug Exploited in Targeted Attacks

 



Overview of the Exploit

Hackers recently leveraged a serious security weakness, said to be a "zero-day," that exists within the Qualcomm chipsets used in many popular Android devices. Qualcomm confirmed that at the time they were first exploited by hackers, they were unaware of the bug, which was tracked under CVE-2024-43047. This flaw actually existed in real-world cyberattacks where it could have impacted millions of Android users globally.

Vulnerability Details

This zero-day flaw was uncovered in 64 different Qualcomm chipsets, including the highly sought-after flagship Snapdragon 8 (Gen 1), a chipset used by many Android devices from reputable brands such as Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE. In their advisory, Qualcomm states that attackers have been able to exploit the flaw, but the company does not elaborate on who the attackers are or what their motive might be or who they specifically targeted. In light of both Google's Threat Analysis Group (TAG) and the Amnesty International Security Lab investigating the incidents, Qualcomm believes these instances constitute "limited, targeted exploitation," rather than widespread attacks.

Response to Attack

The vulnerability was apparently noticed by the CISA US, who have listed it on their known exploited vulnerabilities list. Qualcomm has issued appreciation to Google Project Zero and Amnesty International's Security Lab for coordinated disclosure of this vulnerability. Through such coordination, Qualcomm has been able to develop its fixes starting from September 2024 that it has since issued to customers, which includes Android device manufacturers operating its own chipsets.

Patch Distribution and User Security

So far, patch development is the task of Android device manufacturers. As Qualcomm has publicly released the fix, users need to ensure that their devices are up to date with respect to security patches from their device manufacturer.

Investigation Continues

The broader investigation into the hack is still going on with Google and Amnesty International digging deeper into the details of the targeted attack. Google TAG didn't have anything further to say, but an Amnesty spokesperson confirmed that it would soon publish more research findings on this vulnerability.

The necessity for security research and collaboration from technology entities and organisations to prevent new threats from happening is highlighted in this case. Android users of devices that use Qualcomm should thus remain vigilant and roll out whichever system updates for now.


Read more »
Vulnerability and Exploits
Android Security CVE vulnerability EOL Google Pixel Phones Kernel Qualcomm Vulnerability and Exploits

Google: Two Major Pixel Vulnerabilities Patched

 

Google has published updates for Android 10, 11, 12, and 12L which include Pixel security patches. The Android Security Bulletin for May offers information about security flaws could affect Android devices. 
 
The Pixel Update Bulletin offers information about security flaws and functional enhancements for concerned Pixel devices. Google Pixel phones are "pure Android" devices. The two bulletins identify significant vulnerabilities as follows : 

  • CVE-2022-20120—Bootloader [Critical] The bootloader has a remote code execution (RCE) flaw. The bootloader on Android is a software program that loads the operating system every time users turn on the phone. It can only load software which has been signed by Google by default. If users unlock the bootloader, though, it will run whatever software you specify. The precise problem hasn't been revealed yet, but based on the scale of access required to exploit it, it may be very serious.
  • CVE-2022-20117— Titan-M[Critical] Titan M has an information disclosure (ID) flaw. Titan M is a security management chip designed specifically for Pixel phones to protect the most sensitive data and os version on the device. Titan M aids the bootloader in ensuring users running the correct Android version. . However, being able to steal data from the portion which is supposed to protect the most sensitive information does not look well. 
  • CVE-2021-35090: Qualcomm[Moderate] Qualcomm chips are the most extensively used in Android smartphones. 9.3 out of 10 for CVSS. Qualcomm has recognized this race condition in Kernel as a Time-of-check Time-of-use (TOC TOU). A potential hypervisor memory corruption owing to a TOC TOU race scenario when changing address mappings was also mentioned. A TOC TOU occurs whenever a resource is tested for a specific value, such as whether or not a file exists, and then the value alters before the asset is utilized, invalidating the check's results. When multiple threads have access to shared data and attempt to update it at the same time, a race condition occurs.
  • CVE-2022-20119 Display/Graphics[High] 
  • CVE-2022-20121 USCCDMService[High] 

The most serious of these issues, according to Google, is a highly secure vulnerability in the Framework component which might lead to local elevation of privilege (EoP) with user execution rights required, although the company does not specify which of the four candidates it is. 

All problems in these bulletins are addressed in security patch versions 2022-05-05 or later for Google and other Android devices. Check and update one Android version to discover how to check a device's security patch level. Experts advise all Android users to update to the most recent version. 

This week, the Pixel 3a and Pixel 3a XL series will acquire its final security updates. When it comes to support, they then reach the End-of-Life (EOL)
Read more »
Vulnerability
40% Android Qualcomm Technology Vulnerability

40% of all Android Phones Affected by Qualcomm Snapdragon Vulnerability

 

Security scientists who believe that a weakness that can be used to insert malicious code mostly on mobile by using the Android operating system itself as a port of entry has recently been reported as a grave security flaw concerning Qualcomm mobile station modems (MSM). The impacted chip(s) would connect nearly 40% of all smartphones, such as Samsung and other OEM's high-end phones, in the world. 

Qualcomm MSM is a 2G, 3G, 4G, and 5G-capable Chip System (SoC) used by several vendors, such as Samsung, Google, LG, OnePlus, and Xiaomi, for approximately 40 percent of cell phones. 

"If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones," as per the Check Point researchers who found the vulnerability tracked as CVE-2020-11292. 

The security vulnerability can also allow attackers to activate the SIM module used to safely store the network authentication information and contact details on mobile devices. 

The criminals have to misuse a stack overflow vulnerability in the Qualcomm MSM Interface (QMI), which is being used by the cellular processors for interface with the software stack, to exploit CVE-2020-11292 and monitor the modem and remotely repair it from the application processor.

Malicious apps could then use the loophole to mask their activities from the modem chip on its own and effectively invisibly track malicious behavior using Android security features. 

"Going forward, our research can hopefully open the door for other security researchers to assist Qualcomm and other vendors to create better and more secure chips, helping us foster better online protection and security for everyone." 

Following the study, Qualcomm produced security patches to resolve the security problem CVE-2020-11292 and delivered them to all affected vendors in December 2020, two months later. Qualcomm's priorities are the availability of solutions supporting comprehensive safety and privacy. While in December 2020, Qualcomm Technologies provided OEMs with updates and they encourage end-users to upgrade their devices when patches are available. 

As Qualcomm sent the CVE-2020-11292 patches to OEMs last year, it ought to be safe against efforts to jeopardize any modernized devices for Android users with newer devices often receiving security and system updates. Unfortunately, it might not be that lucky for all those who didn't upgrade to a new smartphone promoting newer Android launches over the last few years. 

Given the reality, about 19% of all Android devices run Android Pie 9.0 (launched in August 2018) and over 9% Android 8.1 Oreo (launched in December 2017) as per the Stat Counter data. 

Last year Qualcomm rectified the Digital Signal Processor Chip (DSP), which allows attackers to monitor smartphones, spy on the users, and build immovable malware which can avoid detection, with much more vulnerabilities that could impact Snapdragon. 

KrØØk was also repaired by Qualcomm in July 2020, a security bug that can be used to decipher certain WPA 2 encrypted wireless network packets. In 2019, yet another bug was fixed which enabled access to sensitive data and two faults in the SoC WLAN firmware that permitted over the air compromise of the modem and kernel.
Read more »
Subscribe to: Posts (Atom)