Analysis of the Hidden Backdoor Event in Qualcomm GPS Service

Background

On May 6, 2023, an article titled “Hidden Backdoor in Qualcomm GPS Services Discovered” was published on WeChat [1], which caught the attention of QiAnXin Threat Intelligence Center.

The article was translated from a post published by a German security vendor Nitrokey on April 25, titled “Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker” [2]. The original article mentioned that smartphones using Qualcomm chips automatically send data with device identification information to Qualcomm’s GPS service.

The article sparked discussions abroad, including some opposing views. For example, Martijn Braam’s comment post on April 25 [3] believed that Nitrokey’s description was exaggerated and suspected of promoting their own products. Nitrokey responded to the discussion at the end of the original article.

QiAnXin Threat Intelligence Center analyzed and interpreted the original Nitrokey article and various discussions, conducted testing and verification in a real environment using an Android device, and finally gave our opinion on the possible…