SoylentNews is people
SoylentNews
Snapdragon chip flaws put >1 billion Android phones at risk of data theft:
Snapdragon is what’s known as a system on a chip that provides a host of components, such as a CPU and a graphics processor. One of the functions, known as digital signal processing, or DSP, tackles a variety of tasks, including charging abilities and video, audio, augmented reality, and other multimedia functions. Phone makers can also use DSPs to run dedicated apps that enable custom features.
“While DSP chips provide a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features—they do come with a cost,” researchers from security firm Check Point wrote in a brief report of the vulnerabilities they discovered.
[...] Qualcomm has released a fix for the flaws, but so far it hasn’t been incorporated into the Android OS or any Android device that uses Snapdragon, Check Point said. When I asked when Google might add the Qualcomm patches, a company spokesman said to check with Qualcomm. The chipmaker didn’t respond to an email asking.
Check Point is withholding technical details about the vulnerabilities and how they can be exploited until fixes make their way into end-user devices. Check Point has dubbed the vulnerabilities Achilles. The more than 400 distinct bugs are tracked as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.
(Score: 2) by Blymie on Monday August 10 2020, @09:46AM (6 children)
Not sure where you live, but in Modern Times, most new Android phones are patched monthly. This is true of all Oneplus, Google, Samsung, Blackberry phones, as ones I have direct experience with. Why are you spreading disinformation?
(Score: 3, Insightful) by petecox on Monday August 10 2020, @10:14AM (4 children)
But only for 2-3 years? My 2017 model hasn't received an update since Feb 2019.
If by "Modern Times" you mean let's cross our fingers and hope OEMs really actually mean it this time with Project Mainline. Otherwise, it's back to installing a custom ROM such as LineageOS.
Despite its underwhelming specs, I'm sorely tempted by the 3GB Pinephone, which can be built with lifetime updates from kernel.org sources.
(Score: 2) by RS3 on Monday August 10 2020, @12:30PM (3 children)
Agreed, same here. I have several Android phones, the newest with Android 7, and no updates have been available to any of them in the past 2-3 years. Haven't tried LineageOS yet. The PinePhone is looking better and better.
IMHO, manufacturers (including Microsoft) should be forced to provide updates, and my thoughts are based on the fact that the product was flawed from the start.
(Score: 2) by etherscythe on Monday August 10 2020, @04:29PM (2 children)
...or buy back the device at the original sale price. Hit them where it hurts, and they'll find a better solution.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 2) by RS3 on Monday August 10 2020, @05:01PM
One can only dream of such a world...
Realistically I understand the economic implications of such laws/rules. Pretty much everything software / firmware is done under the "release something now, update someday later" and radically changing that would cause economic disaster. It would have to be phased in.
I personally advocate for 10-20 year warranties on things for inherent defects / flaws (that were there from the beginning but not known until 10-20 years later.) Do people really expect you to buy a new phone or computer every year or two? I'm just getting the thing setup how I like it by then.
The success and stability of Linux proves Linus' system of development / release works well.
(Score: 0) by Anonymous Coward on Monday August 10 2020, @11:46PM
... adjusted for inflation.
(Score: 2) by epitaxial on Tuesday August 11 2020, @02:32PM
My iPhone 6 Plus is close to 6 years old now and is still getting updates for iOS 12. Say what you want about Apple but Android updates are a joke.