Qualcomm Snapdragon SoC vulnerability could compromise IoT security
One of the greatest concerns surrounding the growth of the Internet of Things (IoT) is its security, and it seems that some people's worst fears have just been realized. Security experts at Trend Micro have discovered a vulnerability in Qualcomm Snapdragon-produced SoC (system on a chip) devices.
In fact, it is the same vulnerability that cropped up earlier in the month, affecting Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Note Edge Android handsets. This in itself is concerning as these are devices that are no longer in line for security updates, but more concerning is the fact that the same chips are used in IoT devices. The vulnerability makes it possible for an attacker to gain root access to the hardware, and this is worrying in a world of inter-connected devices.
In the interests of trying to contain the problem, Trend Micro has not revealed full details of the vulnerability but is using the issue to highlight a serious problem not just for handset owners but also for adopters of the IoT. The lack of updates available for the affected phones illustrate perfectly just how a security issue discovered in another connected device using the same chip -- a fridge, a home heating system, a car -- could be left vulnerable in exactly the same way.
Trend Micro's Noah Gamer writes:
A large portion of the population already doesn't see the point of updating their systems, and this only pertains to the few Internet-connected devices in their homes. An IoT future, where almost every device in the home will have a connection, is only going to compound this problem further. Add in the fact that some of these devices will be designed to be cheap and 'essentially disposable' and it's easy to see why many people worry about the security of the IoT. SoCs like the ones developed by Snapdragon are already making their rounds in IoT devices including certain wearables. If the industry can't find a way to effectively patch these vulnerabilities, there could be massive repercussions.
Gamer highlights some recent examples of hacked connected devices including a Barbie doll that could be used as a surveillance device, and a pacemaker that could be used to kill the person it was inside. Hacking a smartphone by exploiting a vulnerability is one thing, but as the IoT infiltrates further and deeper into our lives, the long arm of attackers could reach even further and have even more disastrous consequences.
Updates -- and a reliable system for delivering them -- are what's needed, says Trend Micro:
If the IoT is going to be as widespread as many experts predict, there needs to be some sort of system in place ensuring these devices are safe for public use. Security updates are an absolute necessity these days, and users of these connected devices need to know what they're dealing with.