Samsung and Qualcomm’s relationship appears to be reaching new “it’s complicated” levels after a new report raised an alarming number of concerns concerning the security of a key chip from the San Diego-based tech giant. Over 400 of them, to be exact, as that’s how many vulnerabilities were recently brought to Qualcomm’s attention concerning one of its widely used Digital Signal Processor units. So, not really chips – a chip.
Known industry quantity Check Point Research is behind the new findings, which were already disclosed to Qualcomm prior to publication, as is customary. However, given the massive scope of the findings, Qualcomm and its clients will be patching them for a while yet. As a result, we have no choice but to wait for most of their technical details to arrive at a later date. What’s been disclosed so far explains the nature of the vulnerabilities, but without breaking down the affected chips or devices using them.
Among the more concerning findings are large volumes of harvestable image data exploitable for user spying purposes, flaws allowing attackers to keep devices in an unresponsive state of fake data processing, and attack vectors so deep that malicious actors could perform all of those actions completely undetected and irreversible. Regarding the latter, DSP chips are as proprietary as tech gets, and as with any other attempt at the so-called “security through obscurity”, addressing any vulnerabilities rising from such black-box components is a nightmare.
The line between ‘healthy’ and ‘toxic’ rivalry is getting blurry
And while Qualcomm continues to frustrate Samsung Electronics (and the rest of the industry) with constant chipset price hikes and a licensing system that’s borderline-hostile toward anyone hoping to use rival solutions, the Korean juggernaut’s foundry business is presently under some added pressure over the lucrative 5nm order concerning Qualcomm’s 2021 flagship chipsets. Namely, it appears a significant portion of that batch will go to TSMC instead of Samsung. Not that Qualcomm isn’t smart to diversify its supply network as much as possible, of course. But the dynamic between the duo has been exhibiting some pretty serious signs of toxicity throughout the last decade, starting with the CDMA controversy.
That is, starting with the fact Samsung’s own Exynos chips have been priced out of the U.S. with laser-point accuracy called Qualcomm’s legal counsel and CDMA patents integral to last-gen network standards. Then again, the Exynos team hasn’t been doing too hot lately, with its struggles reaching what was internally described as a “humiliating” performance difference between its in-house Exynos 990 and Qualcomm’s Snapdragon 865 shortly after the Galaxy S20 line debuted in March this year, so that’s one win Samsung fans in the U.S. would probably be willing to concede to the North American chipmaker.