Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

Is Qualcomm Facing Another Security Flaw?

May 19, 2016 by  
Filed under Computing

Comments Off on Is Qualcomm Facing Another Security Flaw?

FireEye has found a vulnerability in Qualcomm software packages which are under the bonnet of hundreds of Android phone models.

Google announced this week that it released an Android update to patch shedloads of vulnerabilities, but the advisory mentioned an information disclosure vulnerability in the Qualcomm tethering controller (CVE-2016-2060) that allows a malicious application to access user information.

FireEye said that this vulnerablity is “high severity,” but Google noted that it does not affect Nexus devices. The patch for the issue is not in the Android Open Source Project (AOSP) repository but might make it in the  latest driver updates for affected devices.

The security outfit said that researchers informed Qualcomm about the vulnerability in January and the vendor developed a fix by early March, when it started reaching out to OEMs to let them know about the issue. Now it’s up to the device manufacturers to push out the patch to customers. So probably a long time then.

The flaw exists in an open source software package maintained by Qualcomm and is related to the Android network daemon (netd).

“The vulnerability was introduced when Qualcomm provided new APIs as part of the ‘network_manager’ system service, and subsequently the ‘netd’ daemon, that allow additional tethering capabilities, possibly among other things,” FireEye said.

The flaw has been confirmed to affect devices running Android 5.0 Lollipop and earlier, which currently account for roughly three-quarters of Android devices. Researchers noted that the affected Qualcomm software package is used in a variety of projects, including the popular CyanogenMod, and the vulnerable APIs appear to have been around since at least 2011.

The vulnerability can be exploited to escalate privileges to the built-in “radio” user, which has permissions that are normally not available to a third-party app. The most efficient way to exploit CVE-2016-2060 is via a malicious application that is granted the “ACCESS_NETWORK_STATE” permission.

Courtesy-Fud

Qualcomm Has A Snapdragon CPU For Cars

January 20, 2016 by  
Filed under Computing

Comments Off on Qualcomm Has A Snapdragon CPU For Cars

Qualcomm has told the assorted throngs at CES about a new Snapdragon 820 Automotive family of products. It will come in two flavors – a standard 820A and an 820Am that adds an LTE modem.

The chip is designed for in-car navigation and infotainment systems running QNX, Linux, and Android.  It has wireless capabilities and can connected to your phone.  The LTE version will link to the Internet.

They can manage multiple displays to run the screen in your dashboard  and an infotainment screen in the back seat. It also offers support for high-resolution 4K displays for when some company inevitably decides to cram a high-res, high-density screen into one of its cars.

The 820A chips are close cousins ofthe the Snapdragon 820 SoCs that will start shipping in phones later this year and use Qualcomm’s custom-made 64-bit Kryo CPU cores, an Adreno 530 GPU, a  Hexagon 680 DSP all cooked up with a 14nm manufacturing process. They will also use the Snapdragon X12 LTE which can manage 600Mbps down and  150Mbps up when the wind is behind it and it is going downhill. There are all the usual 802.11ac Wi-Fi, Bluetooth, and other features.

Qualcomm said that it used a “modular approach” in designing the chip, which  means that the cars infotainment system can be upgraded with hardware and software updates, thereby enabling vehicles to be easily upgraded with the latest technology.

Car makers could theoretically swap out the chip or the entire package without needing to worry about software changes. Qualcomm specifically mentions upgrading LTE connectivity over the lifetime of the car to keep up with the capabilities of cellular networks.

Qualcomm says the 820A family will begin sampling in Q1 of 2016.

Courtesy-Fud