Mobile Phone Chip Company Collects User’s Private Data

Uploaded on 2023-05-17 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The smartphone is a device we trust with many of our secrets and is a ubiquitous device which many users carry with them all the time. When we use our mobile phones we expect to have a high degree of privacy. Whether we’re making a call, sending a text or browsing the web, we assume we have full control over who can see or hear what we’re doing. 

The reality is that someone could be listening in and you might never know and now, Qualcomm a US company specialising in manufacturing wireless telecommunications hardware has allegedly been secretly collecting user data.

Qualcomm's technology is used in various mobile devices, including smartphones, wearables, as well as industrial and automotive applications. They contribute to wireless technology development, such as 5G, Bluetooth, and Wi-Fi 6. The company specialises in several other technologies used across the wireless ecosystem, including AR/VR and features for device charging.

Chips produced by the company are used in approximately 30% of all Android devices, as well as some Apple smartphones.

Research published by IT security hardware firm Nitrokey claims that hardware produced by Qualcomm was uploading users’ private data, including IP addresses, to a cloud attributed to the company without their consent. As data sharing with Qualcomm is not mentioned in Sony’s terms of service (the vendor of the device used by a researcher), Android, or non-Google /e/OS operating systems, this might violate General Data Protection Regulation laws (GDPR).

Nitrokey claims that on top of the concerns regarding consent, the data packages are sent via the HTTP protocol and are not encrypted using HTTPS, SSL, or TLS. This makes them vulnerable to attacks. By collecting this data and creating record history using the phone’s unique ID and serial number, anyone on the network, including malicious actors, government agencies, network administrators, and telecom operators could easily spy on users.

According to Qualcomm, the collection of information was in accordance with their privacy policy that states the following: “Through these software applications, we may collect location data, unique identifiers (such as a chipset serial number or international subscriber ID), data about the applications installed and/or running on the device, configuration data such as the make, model, and wireless carrier, the operating system and version data, software build data, and data about the performance of the device such as performance of the chipset, battery use, and thermal data... We may also obtain personal data from third party sources such as data brokers, social networks, other partners, or public sources.”

Both Apple and Android with their App Store and Google Play Store are spying on its paying customers. As a private alternative some people prefer to install a Google-free version of Android on their ordinary smartphone.

Nitrokey:     I-HLS:     Cybernews:      Daily Mail:    TMB:    Reddit:    CGTN:

You Might Also Read: 

Spying On Mobile Phone Calls:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« 5G Renders Smart Cities More Vulnerable To Attacks
Google’s New Cyber Security Certificate Program »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

PFP Cybersecurity

PFP Cybersecurity

PFP provides a SaaS solution for life-cycle protection based on our IoT security platform and power usage analytics.

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

D-Fence

D-Fence

D-Fence high availability security service protects corporate email communication, the company and it's employee's against cyber threats.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

Axiomtek

Axiomtek

Axiomtek is a leading design and manufacturing company in the industrial computer and embedded field.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Pentest Limited

Pentest Limited

Pentest Limited provide information security consultation, penetration testing & red teaming services to companies across the globe.

Ermetic

Ermetic

Ermetic’s identity-first cloud infrastructure security platform provides holistic, multi-cloud protection in an easy-to-deploy SaaS solution.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

Cybersecurity Agency of Catalonia - Spain

Cybersecurity Agency of Catalonia - Spain

Cybersecurity Agency of Catalonia is responsible for implementing public policies in the field of cybersecurity and developing the cybersecurity strategy of the Generalitat de Catalunya.