Posted on 01/05/2018 6:07:45 PM PST by markomalley
Qualcomm has confirmed its processors have the same security vulnerabilities disclosed this week in Intel, Arm and AMD CPU cores this week.
The California tech giant picked the favored Friday US West Coast afternoon "news dump" slot to admit at least some of its billions of Arm-compatible Snapdragon system-on-chips and newly released Centriq server-grade processors are subject to the Meltdown and/or Spectre data-theft bugs.
"Qualcomm Technologies, Inc is aware of the security research on industry-wide processor vulnerabilities that have been reported," a spokesperson for Qualcomm told The Register.
"Providing technologies that support robust security and privacy is a priority for Qualcomm, and as such, we have been working with Arm and others to assess impact and develop mitigations for our customers."
She continued:
We are actively incorporating and deploying mitigations against the vulnerabilities for our impacted products, and we continue to work to strengthen them as possible. We are in the process of deploying these mitigations to our customers and encourage people to update their devices when patches become available.
Qualcomm declined to comment further on precisely which of the three CVE-listed vulnerabilities its chips were subject to, or give any details on which of its CPU models may be vulnerable. The paper describing the Spectre data-snooping attacks mentions that Qualcomm's CPUs are affected, while the Meltdown paper doesn't conclude either way.
Qualcomm uses a mix of customized off-the-shelf Arm cores and its homegrown Arm-compatible CPUs in its products, which drive tons of Android-based smartphones, tablets, and other devices. A selection of Arm Cortex-A and Cortex-R CPU core designs are vulnerable to the CVE-2017-5753 and CVE-2017-5715 Spectre vulnerabilities, but only one the Cortex-A75 is also vulnerable to the easily exploitable CVE-2017-5754 Meltdown flaw. The A75 is not in any shipping product at the moment.
Qualcomm will use that A75 core for its Snapdragon 845, while other Snapdragon lines list the A53 and A72, which are only vulnerable to the two Spectre variants. As we said, Qualcomm uses a mix of custom and off-the-shelf cores; they are probably affected by Spectre, and maybe Meltdown. Qualy won't clarify either way.
Look out for operating system updates particularly Android and Linux to install on your Qualcomm-powered devices and machines.
Apple, which too bases its iOS A-series processors on Arm's instruction set, said earlier this week that its mobile CPUs were vulnerable to Spectre and Meltdown patches are available or incoming for iOS. The iGiant's Intel-based Macs also need the latest macOS, version 10.13.2 or greater, to kill off Meltdown attacks. ®
I’m guessing this is indirect proof that the claims the CIA infiltrated Silicon Valley as a means of infiltrating John Q Public are true and perhaps this “revelation” is a result of some swamp draining. OR is it a bold move by the Silicon sellouts to FILL the swamp?:/
How is it that they can all have the same type vulnerability? It all seems very suspicious to say the least.
Now you know why Trump is banning use of cell phones on White House Property.
Yes its called a back door and they all have it. Probably more than one.
So what is the shared code/architecture?
So why did the feds pay a million dollars to hack into parts of an iPhone 5s, if they all have back doors?
In the PR business, a million bucks is chicken feed, a few posters stuck up on fences and the sides of buildings like they used to stick up around town when he circus was coming.
When you also consider the fact that if they had done anything else everyone would know the iPhone encryption was all smoke and mirrors if the government wants your information, it's not only chicken feed, it's dirt cheap at ten times that price.
I apologize for the wording. Let me rephrase that.
Now WE know why Trump is banning use of cell phones on White House Property.
Not trying to change the subject, but doesn't anyone edit their work any more?
The first version (wording) was fine for me, thanks.
It’s a feature, not a flaw.
Without Trump in office, against the odds of him ever getting there, we wouldn’t be finding out about this “vulnerability.” This kind of intrusion is CIA based and they do want him dead or otherwise out of office so this plan of theirs can continue. I for one pray to God often for the continued survival of Pres. Trump, his family, the military, and any others currently pushing back against the deep state.
More likely the result of too few foundries in the U.S. and too many in China and SE Asia.
Where are the chip foundries?
China & SE Asia.
It’s not too hard to predict of figure out.
When the Government does it is not PR it is Propaganda. I however doubt they have cracked the iPhone, in any case it won't be mine I don't have a cell phone at all.
There are only 4-5 decent foundries world wide for process technology smaller than 22 nm.
From best to worst
Intel
TSMC
Samsung
Global Foundry
UMC
Intel (Portland, OR and Phoenix, AZ)
Qualcomm uses both TSMC and UMC (Taiwan)
AMD and IBM use Global Foundry (Germany, NY)
Samsung does stuff for lots of companies but only recently moved into advanced sub micron (South Korea)
No advanced fab is in China although they are trying to get something going.
Reminds me of something to do with telephones (I think back in the 90’s) that were supposed to have a backdoor chip on them... and something about TV boxes (or VCRs?!) that had hidden cameras and microphones.
Back in the 90’s it was revealed that cable television services could detect people in the room and this was technology developed for Neilson ratings collection; the technology could match family members registered with Neilson ratings collection with the programing they actually watched.
And about 10 years ago there was an uproar because a top level meeting in Tibet re Dali Lama was infiltrated by china remotely activating the microphones on laptops being used in a meeting. No indication to user given (no indicator light etc.)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.