93% of Chipset Flaws on Android Devices Persist Across Generations
A recent study from Ruhr University Bochum has uncovered alarming findings regarding the security of Android smartphone chipsets, revealing that 93% of vulnerabilities in new chipsets are inherited from older models. This research highlights critical issues in how vulnerabilities are managed, affecting billions of devices globally.
Key Findings from the Study
Vulnerability Inheritance: The study analyzed 3,676 vulnerabilities across 437 chipset models from four major manufacturers: Qualcomm, Mediatek, Samsung, and Unisoc. Most vulnerabilities in a new chipset are carried over from older models through code reuse, and only about 7% are newly introduced in each generation. This raises significant concerns about cumulative risk in device security.
Delays in Patching: The research found that only 9% of vulnerabilities are patched before the release of the next chipset generation. Qualcomm and Samsung, the leading manufacturers, adhere poorly to the industry-standard 90-day disclosure period, with Qualcomm addressing fewer than 20% of vulnerabilities in time.
Inconsistent Update Information: Transparency about vulnerability updates is significantly lacking. While Qualcomm and Samsung provide information across multiple databases, over 75% of vulnerabilities related to Mediatek and Unisoc were absent from the Android Open Source Project (AOSP) bulletins. This inconsistency leaves users unaware of their devices' security status.
Broader Implications
With Android holding a 70.5% market share in mobile operating systems, the implications of these findings are profound. Vulnerabilities in chipsets can affect hundreds or thousands of smartphone models, posing risks to user privacy and security. For example, a single vulnerability identified in Mediatek's chipsets impacted over 2,200 smartphone models, illustrating the widespread consequences of inadequate chipset security management.
The study emphasizes the urgent need for improvements in how chipset manufacturers handle vulnerabilities. As billions of devices depend on these technologies, addressing gaps in patching and communication is essential to enhance user safety and trust in Android devices.
In conclusion, this research serves as a wake-up call for both manufacturers and consumers about the critical importance of proactive security measures in the rapidly evolving landscape of mobile technology.
Citations: [1] https://cyberinsider.com/93-of-chipset-flaws-on-android-devices-persist-across-generations/