Qualcomm acknowledged that hackers took advantage of a zero-day bug—a vulnerability unknown to the company at the time of misuse.
The security breach impacted dozens of chipsets found in millions of Android smartphones globally.
According to TechCrunch, the San Diego-based chipmaking company also disclosed that a patch was distributed to Original Equipment Manufacturers (OEMs) last month, describing the incident as “limited, targeted exploitation.”
The zero-day vulnerability, officially designated CVE-2024-43047, impacted 64 Qualcomm chips, including the Snapdragon 8 Gen 1 chip, which powers high-end devices like the Samsung Galaxy S22 Ultra, OnePlus 10 Pro, Sony Xperia 1 IV, Oppo Find X5 Pro, Honor Magic4 Pro, Xiaomi 12, among others.
Android devices using these chips are at risk:
- Snapdragon 660 Mobile Platform
- Snapdragon 680 4G Mobile Platform
- Snapdragon 685 4G Mobile Platform (SM6225-AD)
- Snapdragon 8 Gen 1 Mobile Platform
- Snapdragon 865 5G Mobile Platform
- Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
- Snapdragon 870 5G Mobile Platform (SM8250-AC)
- Snapdragon 888 5G Mobile Platform
- Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
The vulnerability also extended to Snapdragon modems and FastConnect modules responsible for Bluetooth and Wi-Fi connections.
A Qualcomm spokesperson announced that the company has already issued a patch, but the deployment to end-users depends on the smartphone manufacturers. Amnesty International’s Security Lab corroborated an assessment by Google’s Threat Analysis Group, indicating the severity of the issue.
An Amnesty International representative stated that detailed research identifying the parties responsible and potential exploiters of this vulnerability is forthcoming.
The involvement of entities like Google and Amnesty suggests that the hacking efforts were likely directed at specific individuals rather than the general user base.