Qualcomm chip accused of collecting and transmitting user information

German security company Nitrokey recently published a blog post saying it found an unlisted function on Qualcomm’s Snapdragon chip.

According to TechGoing, this function can collect some mobile phone data and send it directly to Qualcomm servers without the involvement of the Android system

To prove its claim, Nitrokey installed a Google service-free version of Android on a Snapdragon 630-powered Xperia XA2 phone, with no SIM card inserted, and can only connect to the internet via Wi-Fi. Nitrokey used the Wireshark tool to capture data packets and detect that the data will be transmitted to the izatcloud.net server, which is owned by Qualcomm.

This information causes concern in the context that including Android phones and iPhones (using communication modules from Qualcomm), 30% of mobile phones in the world use Qualcomm chips.

This data is sent over the insecure HTTP protocol without any additional encryption and the uniquely identifiable data sent to the Izat Cloud is essentially accessible and readable by anyone.

Qualcomm then replied that the data transmission is subject to the privacy policy of the XTRA service, which allows the company to collect a unique smartphone identifier, chip name, chip serial number, XTRA software version, mobile network and country code, carrier or operating system type/version, device model, list of programs on the device, IP address

Related posts

GTA 6 is guaranteed to launch on time, Take-Two quashes delay rumors

Be wary of SteelFox malware attacking Windows using a copyright-cracking tool

Apple chose Foxconn and Lenovo to develop an AI server based on Apple Silicon