Qualcomm has confirmed that hackers have exploited a zero-day vulnerability in its chipsets, affecting millions of Android smartphones worldwide. The vulnerability, unknown to Qualcomm when it was first abused, was discovered in dozens of chipsets.
The company revealed that it had sent a patch to OEMs last month, describing the attack as “limited and targeted.” The breach affected 64 Qualcomm chips, including the Snapdragon 8 Gen 1 SoC, found in flagship devices such as the Samsung Galaxy S22 Ultra, OnePlus 10 Pro, Sony Xperia 1 IV, Oppo Find X5 Pro, Honor Magic4 Pro, and Xiaomi 12. It also impacted Snapdragon modems and FastConnect modules responsible for Bluetooth and Wi-Fi connectivity.
A Qualcomm spokesperson confirmed that while the company has issued a patch, it is up to the smartphone manufacturers to distribute it to their users. Amnesty International’s Security Lab and Google’s Threat Analysis Group assessed the vulnerability as serious.
An Amnesty International spokesperson noted that a comprehensive report on the responsible parties and the potential targets of the hack will be released soon. The investigation suggests that the hacking campaign targeted specific individuals rather than a broad user base.