January 9, 2018

Qualcomm Chips Less Impacted by Meltdown and Spectre

Qualcomm Chips Less Impacted by Meltdown and Spectre

Last week it was widely reported that two severe vulnerabilities were  found in Intel chips, either of which could permit attackers to gain  unauthorized access to a computer’s memory. The first vulnerability,  Meltdown (CVE-2017-5754),  can effectively remove the barrier between user applications and  sensitive parts of the operating system. The second vulnerability,  Spectre (CVE-2017-5753 and CVE-2017-5715),  can trick vulnerable applications into leaking their memory contents.  Of the two, Meltdown poses the greater threat because it is easier to  exploit and affects all kinds of computers, including personal computers  and virtual machines in the cloud.

Meltdown and Spectre affect nearly all modern processors, including  chips from Intel, AMD, and those with ARM-based architectures such as  Qualcomm’s, and can only be mitigated through operating system patches.  The good news is that chips on mobile devices, of which Qualcomm is the  leader, may have less exposure to risk than chips on PCs or virtual  machines.

Qualcomm President Cristiano Amon has been quoted as saying that the  recent Meltdown and Spectre security flaws are not concerns for the  company and the mobile industry. According to TechCrunch,  which reported the Qualcomm President’s quotes, Amon said, “There are a  few things that are unique about the mobile ecosystem. Users download  from an app store. On top of that, the impact you had on Android and ARM  — we had patches that got released as early as December to some OEMs.”  The report also adds that according to the Qualcomm President, “this is  not an area of concern for us and the mobile ecosystem.” Moreover,  Google said in a blog post that all Android devices with the latest  security update are protected.

This affirmation by Qualcomm was a collective sigh of relief for many  smartphone users. It is also important to Trustlook, as we work closely  with Qualcomm to power advanced security solutions. Our software  solutions, called SECUREai MP App and SECUREai MP Token, work in concert with the Qualcomm HavenTM Security Platform on Snapdragon chips, giving them unprecedented,  built-in security features. This level of security is made possible by  designing the security into the chip, and cannot be matched by  software-based solutions.

Regardless of how unlikely it is for Qualcomm-powered smartphones to  be impacted by Meltdown or Spectre, it is important to install the  latest security updates as soon as they’re available. It won’t take long  for bad actors to start exploiting these vulnerabilities, as much of  the sample code has already been released to the public.