Qualcomm confirms 'targeted' zero-day chip exploit in numerous Android phones

The Qualcomm logo at MWC 2024
(Image credit: Android Central)

What you need to know

  • According to reports, Qualcomm confirmed that several of its chips, such as the Snapdragon 8 Gen 1, experienced a zero-day exploit.
  • The attack seemed "limited" and "targeted," though Qualcomm does not know who it affected, only that devices from Samsung, Motorola, OnePlus, and more are involved.
  • Qualcomm confirmed that it fixed the zero-day bug in September 2024, but more information will surface from Amnesty International's research.

Qualcomm and two more important parties step forward with information about a "zero-day" attack on Android.

The chipmaker detailed on its Security Bulletin that it provided a fix for a "CVE-2024-43047" issue (via TechCrunch). The zero-day vulnerability wasn't stated as a widespread issue, instead, Qualcomm states it was a "limited, targeted exploitation." Of course, this issue caught the attention of Google and Amnesty International's Security Lab. Both companies have reportedly started investigating "the use" of the attack.

Google Threat Analysis Group delivered "indications" to Qualcomm about this issue before it took action. The report states Amnesty "confirmed" the Analysis Group's initial suspicions about the zero-day bug.

TechCrunch heard from Amnesty's spokesperson Hajira Maryam, who said the company is working on a research paper about the issue, "due to be out soon." Right now, nothing is certain about the purpose behind this exploit — and who it may have targeted. Qualcomm did confirm that the attack affected 64 of its SoCs like the Snapdragon 8 Gen 1.

Moreover, the company states the problem concerns Samsung, Motorola, Xiaomi, OnePlus, OPPO, and ZTE devices. While we're getting confirmation now, the issue has reportedly been rectified. A Qualcomm spokesperson informed the publication that "fixes have been made available to our customers as of September 2024."

Severe vulnerabilities are (unfortunately) a possibility with tech and Qualcomm suffered a WLAN exploit in 2019. "QualPwn" was its name and allowed would-be attackers unsanctioned access to a device via WLAN and its cell Modem remotely. The exploit was able to bypass Qualcomm's use of Secure Boot. Once inside, it was reported that attackers could've gone deeper into Android's kernel and accessed user's data.

A similar incident occurred with Pixel and Galaxy phones with Samsung's Exynos modem last year. Attackers could've gained remote access via the modem to compromise a device and deal damage.

The good news with this current 2024 incident is Qualcomm has already fixed it (as of September) thanks to Google and Amnesty's help. What's to come to concrete information about who the attack may have targeted and the extent of its damage.

Nickolas Diaz
News Writer

Nickolas is always excited about tech and getting his hands on it. Writing for him can vary from delivering the latest tech story to scribbling in his journal. When Nickolas isn't hitting a story, he's often grinding away at a game or chilling with a book in his hand.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A statue of the multicolored "G" in Google on the Google campus in Mountain View
Google warns Android users of a zero-day software exploit causing instability
Qualcomm 8 years support for phones
Qualcomm and Google just announced a major update to Android updates
Google Pixel 9 Pro and Pixel 9 Pro XL angled view
Google's crucial February security patch for Pixels is here among other updates
Android System Update
What does Qualcomm and Google's 8-year Android support promise mean for us?
Android System Update
Samsung rolls out a new update ahead of the big One UI 7 launch
Holding the Nothing Phone (2a) with Nothing Phone (1) and Nothing Phone (2) in the background
Nothing's Qualcomm teaser might signify a budget SoC for the Phone 3a
Latest in Phones
The Samsung Galaxy S25 Edge on display
New leak shows off Samsung Galaxy S25 Edge in 'Titanium' variants
The back of the Obsidian Google Pixel 9 Pro
Some Pixel owners had a delayed start, thanks to alarm clock failures
Holding an Obsidian Google Pixel 9 Pro
That's not a typo — this Google Pixel 9 Pro deal from Amazon makes Black Friday look like a joke
Leaked image of a blue Galaxy Z Flip 7
New Galaxy Z Flip 7 case leak backs rumors of a larger cover display
Android Central's Lloyd sitting at a computer desk
Editor's Desk
Samsung Galaxy Z Fold 6 on cobblestone road
One UI 7 Beta 3 for the Galaxy Z Flip 6, Fold 6 brings two notable AI additions
Latest in News
The promotional image for Google Workspace feature drops.
The March Workspace feature drop upgrades Gemini's note-taking and translation tools
The Samsung Galaxy S25 Edge on display
New leak shows off Samsung Galaxy S25 Edge in 'Titanium' variants
YouTube Music home screen
YouTube Music's personalized radio stations are getting even smarter
The back of the Obsidian Google Pixel 9 Pro
Some Pixel owners had a delayed start, thanks to alarm clock failures
Samsung Galaxy S25 Ultra Home Screen - 16x9
Heads up — Samsung's detailed One UI 7 rollout schedule for Galaxy appears
The old Android logo at Google's Pier 57 building in New York City
Report claims Google may move to 'privately' develop Android's future