TrendMicro discovered vulnerabilities in the Qualcomm Snapdragon 800 series, including the 800, 805 and 810 on devices running a 3.10-version kernel. They have privately discussed the issue with Google who have since pushed out updates to resolve these issues on their phones, preventing attackers from gaining root access with a specially crafted app. Unfortunately that is the tip of the iceberg as according to Qualcomm more than a billion devices use Snapdragon processors or modems, many of them IoT devices which have not had this update. With the already fragmented market getting worse as everyone and their dog are now creating IoT devices the chances are very good that your toaster, fridge and other random internet connected devices are vulnerable and will remain so.
You should think twice when considering the balance of convenience and security when you are purchasing internet connected household appliances and other IoT devices. You can see what Slashdot readers think about this here if you so desire.
"Security experts at Trend Micro have discovered a vulnerability in Qualcomm Snapdragon-produced SoC devices. In fact, it is the same vulnerability that cropped up earlier in the month, affecting Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Edge Android handsets. This in itself is concerning as these are devices that are no longer in line for security updates, but more concerning is the fact that the same chips are used in IoT devices."
Here is some more Tech News from around the web:
- Radeon Pro Duo spearheads AMD's push for VR dominance @ The Tech Report
- Microsoft Still Accepts Bitcoin, Apologizes For 'Inaccurate Information' @ Slashdot
- Making proteins talk to silicon electronics @ Nanotechweb
- Watch Open Networking Summit This Week via Free Live Video Stream @ Linux.com
- Negotiations continue on Foxconn Sharp deal @ DigiTimes
- Mozilla will release its Servo browser for alpha testing in June @ The Inquirer
- ARM and TSMC join forces to develop 7nm FinFET technology @ The Inquirer
- Here's what an Intel Broadwell Xeon with a built-in FPGA looks like @ The Register
“Snapdragon? Qualcomm? PFFT,
“Snapdragon? Qualcomm? PFFT, PUH-LEASE!” (c) Kirin-god
When is google going to push
When is google going to push out those updates to everyone running their spyware infested OS? Oh thats right they dont care as long as those ad $$$$ keep rolling in vulnerable or not.
Updates went into the Android
Updates went into the Android source code (and out for Nexus phones) long ago. If you OEM is too lazy (or doesn’t care enough) to actually implement those updates, then go blame them for sucking.
IoT doesn’t tend to push
IoT doesn't tend to push updates, that is what this is about. In many cases the OEM won't even know what you are talking about, they wouldn't have bothered setting up infrastructure to develop or push out updates.
I wouldn’t buy a phone which
I wouldn’t buy a phone which doesn’t allow to install my own build of OS (Android, Tizen, …) by myself. Therefore Windows and iOS phones are out of question.
IoT is going to be PITA.
“I bought some awful light bulbs so you don’t have to”
install a snort box (car
install a snort box (car enough to manage and monitor it) and all MIGHT be ok 😛