Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too
The Register ^ | 1/6/18 | Shaun Nichols

Posted on 01/05/2018 6:07:45 PM PST by markomalley

Qualcomm has confirmed its processors have the same security vulnerabilities disclosed this week in Intel, Arm and AMD CPU cores this week.

The California tech giant picked the favored Friday US West Coast afternoon "news dump" slot to admit at least some of its billions of Arm-compatible Snapdragon system-on-chips and newly released Centriq server-grade processors are subject to the Meltdown and/or Spectre data-theft bugs.

"Qualcomm Technologies, Inc is aware of the security research on industry-wide processor vulnerabilities that have been reported," a spokesperson for Qualcomm told The Register.

"Providing technologies that support robust security and privacy is a priority for Qualcomm, and as such, we have been working with Arm and others to assess impact and develop mitigations for our customers."

She continued:

We are actively incorporating and deploying mitigations against the vulnerabilities for our impacted products, and we continue to work to strengthen them as possible. We are in the process of deploying these mitigations to our customers and encourage people to update their devices when patches become available.

Qualcomm declined to comment further on precisely which of the three CVE-listed vulnerabilities its chips were subject to, or give any details on which of its CPU models may be vulnerable. The paper describing the Spectre data-snooping attacks mentions that Qualcomm's CPUs are affected, while the Meltdown paper doesn't conclude either way.

Qualcomm uses a mix of customized off-the-shelf Arm cores and its homegrown Arm-compatible CPUs in its products, which drive tons of Android-based smartphones, tablets, and other devices. A selection of Arm Cortex-A and Cortex-R CPU core designs are vulnerable to the CVE-2017-5753 and CVE-2017-5715 Spectre vulnerabilities, but only one – the Cortex-A75 – is also vulnerable to the easily exploitable CVE-2017-5754 Meltdown flaw. The A75 is not in any shipping product at the moment.

Qualcomm will use that A75 core for its Snapdragon 845, while other Snapdragon lines list the A53 and A72, which are only vulnerable to the two Spectre variants. As we said, Qualcomm uses a mix of custom and off-the-shelf cores; they are probably affected by Spectre, and maybe Meltdown. Qualy won't clarify either way.

Look out for operating system updates – particularly Android and Linux – to install on your Qualcomm-powered devices and machines.

Apple, which too bases its iOS A-series processors on Arm's instruction set, said earlier this week that its mobile CPUs were vulnerable to Spectre and Meltdown – patches are available or incoming for iOS. The iGiant's Intel-based Macs also need the latest macOS, version 10.13.2 or greater, to kill off Meltdown attacks. ®


TOPICS: Computers/Internet
KEYWORDS: apple; intelprocessor; iphone; qualcomm
Navigation: use the links below to view more comments.
first 1-2021-27 next last
Well, there goes the cellphone as well as the laptop and the desktop...
1 posted on 01/05/2018 6:07:45 PM PST by markomalley
[ Post Reply | Private Reply | View Replies]

To: markomalley

I’m guessing this is indirect proof that the claims the CIA infiltrated Silicon Valley as a means of infiltrating John Q Public are true and perhaps this “revelation” is a result of some swamp draining. OR is it a bold move by the Silicon sellouts to FILL the swamp?:/


2 posted on 01/05/2018 6:12:15 PM PST by ransomnote
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

How is it that they can all have the same type vulnerability? It all seems very suspicious to say the least.


3 posted on 01/05/2018 6:12:53 PM PST by smokingfrog ( sleep with one eye open (<o> ---)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ransomnote

Now you know why Trump is banning use of cell phones on White House Property.


4 posted on 01/05/2018 6:14:28 PM PST by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: markomalley

Yes its called a back door and they all have it. Probably more than one.


5 posted on 01/05/2018 6:21:02 PM PST by cdpap
[ Post Reply | Private Reply | To 1 | View Replies]

To: markomalley

So what is the shared code/architecture?


6 posted on 01/05/2018 6:41:15 PM PST by VeniVidiVici
[ Post Reply | Private Reply | To 1 | View Replies]

To: cdpap
IOW, you cannot name the part of the Constitution which delegates that power to Congress, so you run from the question.

So why did the feds pay a million dollars to hack into parts of an iPhone 5s, if they all have back doors?

7 posted on 01/05/2018 7:01:11 PM PST by itsahoot (As long as there is money to be divided, there will be division.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: itsahoot
So why did the feds pay a million dollars to hack into parts of an iPhone 5s, if they all have back doors?

In the PR business, a million bucks is chicken feed, a few posters stuck up on fences and the sides of buildings like they used to stick up around town when he circus was coming.

When you also consider the fact that if they had done anything else everyone would know the iPhone encryption was all smoke and mirrors if the government wants your information, it's not only chicken feed, it's dirt cheap at ten times that price.

8 posted on 01/05/2018 7:10:53 PM PST by Rashputin (Jesus Christ doesn't evacuate His troops, He leads them to victory !!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: ransomnote

I apologize for the wording. Let me rephrase that.

Now WE know why Trump is banning use of cell phones on White House Property.


9 posted on 01/05/2018 7:44:28 PM PST by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: markomalley
the same security vulnerabilities disclosed this week in Intel, Arm and AMD CPU cores this week

Not trying to change the subject, but doesn't anyone edit their work any more?

10 posted on 01/05/2018 7:45:26 PM PST by NutsOnYew (If the world was perfect, it wouldn't be.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: UCANSEE2

The first version (wording) was fine for me, thanks.


11 posted on 01/05/2018 8:08:00 PM PST by ransomnote
[ Post Reply | Private Reply | To 9 | View Replies]

To: smokingfrog

It’s a feature, not a flaw.


12 posted on 01/05/2018 8:09:29 PM PST by ransomnote
[ Post Reply | Private Reply | To 3 | View Replies]

To: markomalley

Without Trump in office, against the odds of him ever getting there, we wouldn’t be finding out about this “vulnerability.” This kind of intrusion is CIA based and they do want him dead or otherwise out of office so this plan of theirs can continue. I for one pray to God often for the continued survival of Pres. Trump, his family, the military, and any others currently pushing back against the deep state.


13 posted on 01/05/2018 8:12:36 PM PST by ransomnote
[ Post Reply | Private Reply | To 1 | View Replies]

To: ransomnote

More likely the result of too few foundries in the U.S. and too many in China and SE Asia.


14 posted on 01/05/2018 8:30:52 PM PST by G Larry (There is no great virtue in bargaining with the Devil)
[ Post Reply | Private Reply | To 2 | View Replies]

To: smokingfrog

Where are the chip foundries?

China & SE Asia.

It’s not too hard to predict of figure out.


15 posted on 01/05/2018 8:32:28 PM PST by G Larry (There is no great virtue in bargaining with the Devil)
[ Post Reply | Private Reply | To 3 | View Replies]

To: G Larry

nope

http://thechipsource.com/microchip-technologies-where-they-are-made.html


16 posted on 01/05/2018 9:31:30 PM PST by smokingfrog ( sleep with one eye open (<o> ---)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Rashputin
In the PR business, a million bucks is chicken feed

When the Government does it is not PR it is Propaganda. I however doubt they have cracked the iPhone, in any case it won't be mine I don't have a cell phone at all.

17 posted on 01/05/2018 9:38:35 PM PST by itsahoot (As long as there is money to be divided, there will be division.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: G Larry

There are only 4-5 decent foundries world wide for process technology smaller than 22 nm.
From best to worst

Intel
TSMC
Samsung
Global Foundry
UMC

Intel (Portland, OR and Phoenix, AZ)
Qualcomm uses both TSMC and UMC (Taiwan)
AMD and IBM use Global Foundry (Germany, NY)
Samsung does stuff for lots of companies but only recently moved into advanced sub micron (South Korea)

No advanced fab is in China although they are trying to get something going.


18 posted on 01/05/2018 9:45:39 PM PST by Zathras
[ Post Reply | Private Reply | To 15 | View Replies]

To: ransomnote

Reminds me of something to do with telephones (I think back in the 90’s) that were supposed to have a backdoor chip on them... and something about TV boxes (or VCRs?!) that had hidden cameras and microphones.


19 posted on 01/05/2018 11:36:33 PM PST by Bikkuri
[ Post Reply | Private Reply | To 13 | View Replies]

To: Bikkuri

Back in the 90’s it was revealed that cable television services could detect people in the room and this was technology developed for Neilson ratings collection; the technology could match family members registered with Neilson ratings collection with the programing they actually watched.

And about 10 years ago there was an uproar because a top level meeting in Tibet re Dali Lama was infiltrated by china remotely activating the microphones on laptops being used in a meeting. No indication to user given (no indicator light etc.)


20 posted on 01/05/2018 11:43:36 PM PST by ransomnote
[ Post Reply | Private Reply | To 19 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-27 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson