Qualcomm has published a doc about a vulnerability affecting many Snapdragon-powered Android smartphones. This is what is known as a zero-day vulnerability. Basically, that means that the security flaw was discovered and exploited before the company could fix it.
This vulnerability was officially designed at CVE-2024-43047, which was found in a specific component of Qualcomm’s chipsets. Of course, Qualcomm will not disclose the exact details of the flaw, as those who haven’t updated their phones could still be exposed. However, the vulnerability basically allowed hackers to take control of people’s phones, including stealing personal information, spying on users, and even installing malware.
Over 64 different Snapdragon chipsets are affected
The list of processors that are affected is quite large; we’re looking at 64 different chipsets. Qualcomm has published the list of affected chipsets, including the current flagship Snapdragon 8 Gen 3, as well as older chipsets like the Snapdragon 865. A good number of these are additional chipsets that are included in the processing unit, like the FastConnect 6700, which houses WiFi, Bluetooth, etc.
As soon as Qualcomm learned of the vulnerability, they were able to push out a security update to fix the security hole. The patch was shared with phone manufacturers, who then released it to their customers, which is the way the system is supposed to work.
How to protect yourself
While this is pretty scary, there are ways that you can protect yourself, and keep your phone protected.
Firstly, make sure your software is up-to-date. Head into Settings > About > Software Update, and make sure that you are on the latest version, whether you have a phone that is affected or not. Software updates can sometimes be a nuisance, but it is still better than having a hacker hack into your phone, steal your info, and install some malware.
Next, make sure you’re using strong passwords. As much as passwords are another annoyance, creating complex passwords that are unique for each device and account, means it’s harder for hackers to guess them and get into your account.
You should also avoid sideloading apps, and using unofficial app stores. While the ability to sideload APKs is nice and all, that is an easy way to get malware installed onto your phone. We recommend only downloading apps from the Google Play Store. As the apps in there are checked for such things, thanks to Google Play Protect.
Finally, be aware of phishing attempts. Now there is a difference between phishing and spam. Phishing is an attempt to get info from the user, while spam is just junk mail and it’s really not harmful. If you get an email or text that looks suspicious, do not click any links in it. You will also want to check out the email address from which it came very carefully. Hackers will sometimes switch up letters, like switching an “o” for a “0” or a lowercase l for an uppercase I.
That’s really what the average user can do, unfortunately. Of course, the most important thing is to make sure you install all software updates you receive.
