Snapdragon chip flaws put Android phones at risk of data theft

This has hit the tech press recently:

Snapdragon chip flaws put >1 billion Android phones at risk of data theft (ArsTechnica)

Over 400 vulnerabilities on Qualcomm’s Snapdragon chip threaten mobile phones’ usability worldwide (CheckPoint)

Note that the headlines are both a little misleading: this isn’t a chip flaw, it’s vulnerabilities in the SDK (Software Development Kit) for the DSP in the Qualcomm Snapdragon chips.

This is pretty bad (read the articles to see how bad). Reportedly, Qualcomm has released a fix, but Google hasn’t incorporated it into Android.

Once Google has updated Android, how will fixes for these “400” vulnerabilities be incorporated into /e/? Will they be available for Nougat and Oreo, or only Pie and “Q”?

First it must be available in AOSP, than in LOS and than it will be available in eOS

We were discussing this issue in the team yesterday . I am assuming there will be a security patch for this. Besides implementing that we will also check if that closes the issue or further fixes in device code would be required. Will update on this thread.

7 Likes

An XDA post had mentioned that a security patch update might not be enough and the OEMs would also need to provide a Vendor Security patch update. Is this correct?

1 Like

This topic was automatically closed after 15 days. New replies are no longer allowed.