Last week it was widely reported that two severe vulnerabilities were found in Intel chips, either of which could permit attackers to gain unauthorized access to a computer’s memory. The first vulnerability, Meltdown (CVE-2017-5754), can effectively remove the barrier between user applications and sensitive parts of the operating system. The second vulnerability, Spectre (CVE-2017-5753 and CVE-2017-5715), can trick vulnerable applications into leaking their memory contents. Of the two, Meltdown poses the greater threat because it is easier to exploit and affects all kinds of computers, including personal computers and virtual machines in the cloud.
Meltdown and Spectre affect nearly all modern processors, including chips from Intel and AMD as well as ARM-based designs such as Qualcomm’s, and can only be mitigated through operating system patches. The good news is that chips in mobile devices, a market in which Qualcomm is the leader, may have less exposure to risk than chips in PCs or virtual machines.
Qualcomm President Cristiano Amon has been quoted as saying that the recent Meltdown and Spectre security flaws are not concerns for the company and the mobile industry. According to TechCrunch, Amon said, “There are a few things that are unique about the mobile ecosystem. Users download from an app store. On top of that, the impact you had on Android and ARM — we had patches that got released as early as December to some OEMs.” The report adds that, according to Amon, “this is not an area of concern for us and the mobile ecosystem.” Moreover, Google said in a blog post that all Android devices with the latest security update are protected.
Qualcomm’s affirmation brought a collective sigh of relief from many smartphone users. It is also important to Trustlook, as we work closely with Qualcomm to power advanced security solutions. Our software solutions, called SECUREai MP App and SECUREai MP Token, work in concert with the Qualcomm Haven™ Security Platform on Snapdragon chips, giving them unprecedented, built-in security features. This level of security is made possible by designing the security into the chip, and cannot be matched by software-based solutions.
Regardless of how unlikely it is for Qualcomm-powered smartphones to be impacted by Meltdown or Spectre, it is important to install the latest security updates as soon as they’re available. It won’t take long for bad actors to start exploiting these vulnerabilities, as much of the sample code has already been released to the public.