Qualcomm Snapdragon SoC Vulnerability Could Compromise IoT Security

Reader Mark Wilson writes: One of the greatest concerns surrounding the growth of the Internet of Things (IoT) is its security, and it seems that some people's worst fears have just been realized. Security experts at Trend Micro have discovered a vulnerability in Qualcomm Snapdragon-produced SoC (system on a chip) devices. In fact, it is the same vulnerability that cropped up earlier in the month, affecting Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Edge Android handsets. This in itself is concerning as these are devices that are no longer in line for security updates, but more concerning is the fact that the same chips are used in IoT devices. The vulnerability makes it possible for an attacker to gain root access to the hardware, and this is worrying in a world of inter-connected devices. In the interests of trying to contain the problem, Trend Micro has not revealed full details of the vulnerability but is using the issue to highlight a serious problem not just for handset owners but also for adopters of the IoT.

awful article

[ico2]

What a terrible article. For two reasons:

1. Isn't at all clear on what the vulnerability is. It is in fact a bug in the kernel (presumably a device driver for this SoC). I only found this out by reading a different article. This one makes it sound like some sort of problem in the silicon.

2. Isn't news. This vulnerability is already known.

We're all becoming sadly more and more used to articles that try to make a story sound bigger by relating it tenuously to some possible impact (every article about some incremental improvement in battery technology needs 4 paragraphs about electric cars, grid storage and longer battery life for phones), but this really does take the piss by not even attempting to cover the actual story and only going on about the potential impact on IoT security.

Sure, we all need to be aware of the dangers of IoT security (or lack of it), but this is not the way to go about it.