Latest Firmware Flaws in Qualcomm Snapdragon Need Attention

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://www.darkreading.com/dr-tech/firmware-vulnerability-in-chips-helps-hackers-take-control-of-systems
A security company is leading the coordinated vulnerability disclosure of multiple high-severity vulnerabilities in the Qualcomm Snapdragon chipset. The vulnerabilities were identified in the Unified Extensible Firmware Interface (UEFI) firmware reference code and impacts ARM-based laptops and devices using Qualcomm Snapdragon chips, according to Binarly Research.

Qualcomm disclosed the vulnerabilities on Jan. 5, along with links to available patches. Lenovo has also issued a bulletin and a BIOS update to address the flaws in affected laptops. However, two of the vulnerabilities are still not fixed, Binarly noted.

If exploited, these hardware vulnerabilities allow attackers to gain control of the system by modifying a variable in nonvolatile memory, which stores data permanently, even when a system is turned off. The modified variable will compromise the secure boot phase of a system, and an attacker can gain persistent access to compromised systems once the exploit is in place, says Alex Matrosov, founder and CEO of Binarly. "Basically, the attacker can manipulate variables from the operating system level," Matrosov says.
Click to expand...
Secure boot is a system deployed in most PCs and servers to ensure that devices start properly. Adversaries can take control of the system if the boot process is either bypassed or under their control. They can execute malicious code before the operating system is loaded. Firmware vulnerabilities are like leaving a door open — an attacker can gain access to system resources as and when they please when the system is switched on, Matrosov says. "The firmware piece is important because the attacker can gain very, very interesting persistence capabilities, so they can play for the long term on the device," Matrosov says.

The flaws are notable because they affect processors based on the ARM architecture, which are used in PCs, servers, and mobile devices. A number of security problems have been discovered on x86 chips from Intel and AMD, but Matrosov noted that this disclosure is an early indicator of security flaws existing in ARM chip designs.
Click to expand...
www.darkreading.com

Latest Firmware Flaws in Qualcomm Snapdragon Need Attention

The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations.
www.darkreading.com www.darkreading.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: vtqhtr413, Gandalf_The_Grey, harlan4096 and 2 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks
Replies
0
Views
599
News Archive
silversurfer
silversurfer
Ink
    • Like
    • +Reputation
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Replies
0
Views
950
News Archive
Ink
Ink
CyberTech
    • Like
    • +Reputation
Security News LogoFAIL bugs in UEFI code allow planting bootkits via images
Replies
2
Views
1,830
Security News
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top