Qualcomm chips caught secretly spying on users
Gadgets

Qualcomm chips caught secretly spying on users

According to the blog of the German company Nitrokey, which deals with hardware solutions in the field of information security, undocumented functions have been discovered in Qualcomm single-chip platforms, thanks to which some data from smartphones are sent directly to Qualcomm servers – without any involvement of the operating system.

Researchers tested custom Android smartphones stripped of closed-source Google apps and services to block Google data transfer for experiment purity. It turned out that this did not prevent the leakage of some important information that allows you to learn a lot about the user.

After installing pure Android on a Sony Xperia XA2 smartphone with Qualcomm Snapdragon 630, it was only used with WLAN and without a SIM card. To control traffic, Wireshark program was used to detect data leaks. It turned out that even after installing Android without Google services, the smartphone made attempts to contact the company’s services, but this was to be expected from Android, even if it was “cleaned up”.

Unexpectedly, the device also made contact with the izatcloud.net servers. As it turned out, they belong to Qualcomm, while the verification of the source code of the operating system did not reveal any references to this domain. According to Nitrokey, Qualcomm chips are used in 30% of devices, including both Android and iPhone models. The latter in particular use Qualcomm modems. It is likely that data transfer to Qualcomm servers can affect many smartphones and chipsets. The data was sent over an insecure HTTP protocol without any additional encryption, allowing literally anyone to access the unique identification data sent by Qualcomm to Izat Cloud.

Qualcomm said the data transfer complies with the XTRA service’s privacy policy, which actually allows the company to collect a unique smartphone identifier, chipset name, chipset serial number, XTRA software version, mobile country code, and mobile network code that you specify can only the country, but also the operator, the type and version of the operating system, the manufacturer and model of the device, the list of programs on the devices, the IP address and other data. In addition, the XTRA service appears to be directly linked to the A-GPS auxiliary positioning system.

IN nitrokey came to the conclusion that Qualcomm’s custom AMSS firmware not only takes precedence over any operating system, but also allows you to use the collected data to create a unique device signature, which, thanks to the use of the HTTP protocol, can be easily accessed by any third party can be traced – not to mention that Qualcomm may be working with the intelligence services of one or more countries. Nitrokey reported that it is almost impossible for a normal user to protect themselves from such data transmission – even with the GPS module turned off and other protections enabled. There are some methods of protection, but they require special training.

About the author

Johnson Smith

Johnson Smith is interested in Home Theater & Audio, Smart Tech, Google News & Products, How To, Apple News & Products, Cell Phones, Automotive Technology.

Add Comment

Click here to post a comment