Beware if you are using a device equipped with a Qualcomm chip: several security flaws have been discovered in the firmware of ARM-based CPUs. According to cybersecurity experts, the impact is massive, especially on tablets and laptops from Microsoft, Samsung or Lenovo. Several of these flaws pose a severe risk to users.
Qualcomm may produce some of the best processors on the market, but they are not immune to security vulnerabilities. Problem, the chips propelling several million devices around the world, it is just as many users who expose themselves to serious consequences when one of these vulnerabilities is exploited by a malicious individual.
Unfortunately for the latter, the cybersecurity firm Binarly recently made some disturbing discoveries. By analyzing the firmware of Lenovo Thinkpad X13s computers, experts have indeed found traces of 9 vulnerabilities in total. However, of these 9 vulnerabilities, 5 relate more specifically to the Qualcomm processor that equips the laptop PC. In fact, many other devices are affected by this flaw.
On the same subject – Android: a Qualcomm CPU security flaw affects millions of smartphones
Update your devices with an updated Qualcomm chip as soon as possible
According to Binarly, the Microsoft Surface ARM, as well as several Samsung devices or even certain PCs from the Volterra project are also impacted by the discovery. “According to Qualcomm’s opinion, the number of chips affected is considerable”, said Alex Matrosov, CEO of Binarly, to our colleagues at SecurityWeek. The latter adds that a hacker who has located these flaws can use them to execute code remotely. This is the case for 3 vulnerabilities, considered at “serious risk”.
Other security vulnerabilities have been classified at “medium risk”, and can lead to data leaks. According to Qualcomm, these vulnerabilities have been present in the firmware of its chips since November. It is therefore imperative to update your device as soon as it offers you a fix. According to Alex Matrosov, this is the first security flaw of this magnitude on ARM-based Snapdragons.
Source: SecurityWeek