Qualcomm, the tech giant behind the popular Snapdragon processors, has been hit with a series of vulnerabilities affecting its Adreno GPU. Google researchers, the brains behind the Android Red Team, discovered these security flaws. The Adreno GPU, integrated into Snapdragon processors, holds kernel privileges, meaning these vulnerabilities could grant hackers complete control over a Qualcomm-powered device.
The researchers focused their attention on GPU drivers due to their accessibility. Untrusted applications can access these drivers without requiring additional permissions, making them a prime target for hackers. The complexity of the drivers’ interaction with the operating system further exacerbates the issue for users while making the task easier for hackers.
Xuan Xing, the manager of Google’s Android Red Team, explained their focus on GPU drivers: “We are a small team compared to the vast Android ecosystem. The scope is too big for us to cover everything, so we have to identify areas with the highest impact. Untrusted apps can access GPU drivers without permission, which is a significant vulnerability that will likely attract attackers.”
Eugene Rodionov, technical leader of the Android Red Team, added: “The lack of access restrictions and the numerous moving parts make GPU drivers readily available to almost every application. The complexity of the driver’s implementation contributes to the existence of numerous vulnerabilities.”
This discovery highlights the importance of continued security efforts in the tech industry. Developers and manufacturers need to remain vigilant in addressing vulnerabilities and mitigating risks to ensure the safety and security of users’ devices.
