Researchers from Google’s Android Red Team have discovered more than nine vulnerabilities in Adreno GPU, Qualcomm’s popular software used to manage the mobile chips in millions of Android devices. The team spoke about this at the Defcon cybersecurity conference in Las Vegas.
Image source: Pete Linforth/Pixabay
The vulnerabilities, which have now been patched, allowed attackers to gain full control of the device. However, to do this, they first had to gain access to the target device, for example, by tricking the victim into installing a malicious application, Wired explains.
The problem is that any application on Android phones can directly interact with the Adreno GPU driver “without sandboxing or additional checks,” explains Xuan Xing, head of the Android Red Team. While this in itself does not give applications the ability to act maliciously, it does make GPU drivers a bridge between parts of the operating system and its kernel, providing complete control over the entire device, including its memory.
Experts note that GPUs and the software that supports them can become a critical battleground in the field of computer security, since the combination of high implementation complexity and widespread availability is of particular interest to attackers.
Qualcomm has already released patches to original equipment manufacturers (OEMs) in May 2024 and has recommended that end users install security updates from device manufacturers as they become available.
Google plans to roll out end-to-end encryption (E2EE) of email to all users, even those…
Vladimir Putin signed a law aimed at protecting citizens from telephone and cyber fraudsters: employees…
«In the coming months, OpenAI plans to release an open source large language model of…
The US Federal Aviation Administration (FAA) has announced that it has received a document containing…
During spring cleaning, UK resident Ellie Hart threw out a USB device with the trash,…
Early last month, TSMC announced plans to spend another $100 billion to expand its U.S.…