Firmware vulnerabilities in Qualcomm Snapdragon allow you to control even computer turned off

Cybersecurity researchers from Binarly Research discovered many vulnerabilities of high danger in the Qualcomm Snapdragon chipset.

Disadvantages were found in UEFI firmware and affect laptops and ARM devices using Qualcomm Snapdragon chips. Qualcomm revealed vulnerabilities on January 5 and released corrections for them .


Errors also affected the Lenovo ThinkPad X13S laptop BIOS. The company released the BIOS update to eliminate the shortcomings . However, 2 vulnerabilities have not yet been eliminated.

According to the founder and general director of Binarly, Alexei Matrosov, with the help of these errors, an attacker can gain control over the system, changing the variable in a power -dependent memory, in which the data is constantly stored, even when the system is turned off.

The changed variable compromises the phase of the safe loading of the system, and the cybercupress can get constant access to the system after the exploit is installed. In other words, an attacker can execute a malicious code or gain access to system resources at any time, even when the system is turned off.

According to Binarly, Windows Dev Kit 2023 from Microsoft (Project Volterra) is also subject to vulnerability. Project Volterra is designed for developers who write and test the code for Windows 11.

The detection of vulnerabilities in the ARM boot layer is particularly alarming, since the architecture controls the mobile ecosystem with low energy consumption, which includes 5G smartphones and basic stations. Basic stations are increasingly becoming a communications center for border devices and cloud infrastructures. Attackers can behave as operators, and they will have constant access to systems at the base stations, and no one will know about it.

/Media reports cited above.