Qualcomm has confirmed that hackers have exploited a zero-day flaw in its chips used in multiple Android devices.
The semiconductor firm released limited information on the vulnerability in its October security bulletin.
The security exploit, known as zero-day because it was unknown to the manufacturer when it was manipulated, could have been used on an array of phones and devices and although a patch has been issued, the details are relatively vague.
We still don’t know to what extent or how many users have been impacted by the flaw.
Officially designated as CVE-2024-43047, the zero-day vulnerability “may be under limited, targeted exploitation,” said Qualcomm, citing unspecified “indications” from Google’s Threat Analysis Group.
Qualcomm – which recently offered more insight on its AR collaboration with Samsung and Google – also advised it received the same assessment of the situation from Amnesty International’s Security Lab, which strives to protect civil society from digital surveillance and espionage threats.
There is no significant understanding of who was orchestrating the vulnerability in the wild, meaning whoever it was, appears to have targeted individuals in real hacking efforts.
Qualcomm and the researchers are also unaware of who the campaigns were aimed at.
How do I find out if my chip was potentially targeted?
Catherine Baker, a spokesperson for the chip maker, told TechCrunch they commend “the researchers from Google Project Zero and Amnesty International Security Lab for using coordinated disclosure practices,” enabling Qualcomm to focus on the response and to implement fixes for the flaw.
Qualcomm chips are found in Samsung, Motorola, OnePlus, and many more brands’ phones, with a full list of potentially impacted chips available on the company’s security explainer page.
To check if your device was potentially targeted by hackers, you’ll need to compare your chip to the full list.
You can find your CPU on your Android phone by navigating to Settings, then selecting System, and tapping on the option for About phone or About device.
On this screen, you should see your chip listed under Processor.
Image credit: Via Ideogram
The post Qualcomm confirms zero-day flaw exploited to target Android devices appeared first on ReadWrite.
