Tracking 4049 chipset vulnerabilities across 6866 different smartphone models.
What is this about?
Every smartphone contains a chipset, enabling functionality such as calls, data connectivity, Bluetooth and WiFi communication, digital image processing and more. Detecting and addressing chipset vulnerabilities is crucial for optimal smartphone security. However, information on these vulnerabilities is scattered across chipset manufacturers' websites, AOSP's Security Bulletins, and OEM websites. Our website consolidates this data for a unified and accessible view.
Updates
Explore timelineThe big picture.
Our data provides a holistic overview on each phase of the vulnerability lifecycle.
Vulnerability Introduction
Each new chipset release brings exciting features, yet often inherits vulnerabilities from previous generations.
In each new chipset generation...
Vulnerability Discovery
Vulnerabilities are either found internally by chipset manufacturers, or by external researchers.
Since 2018, external researchers have found 55% of all published chipset vulnerabilities.
The relative amount of externally discovered vulnerabilities differs between chipset manufacturers.
Manufacturer | 2023 | 2024 |
---|---|---|
MediaTek | 10% | 39% |
SAMSUNG LSI | 60% | 0% |
Qualcomm | 57% | 53% |
UNISOC | 7% | 2% |
Patch Development
Once a vulnerability is discovered, the affected chipsets' manufacturer assesses its severity, develops a patch and publishes vulnerability information in the form of a CVE and a bulletin on their website as well as the AOSP.
Firmware
Drivers
For vulnerabilities published in 2024, it took chipset manufacturers on average 153 days to provide a patch to OEMs, after they have been informed of a vulnerability. This is 0% faster than in 2023.
Based on data provided on the websites of Qualcomm and Samsung.
Update deployment
For researchers.
Our data set aids researchers in tracking vulnerability trends, offering aggregated monthly discovery numbers. This helps focus research efforts on underrepresented or highly vulnerable areas. Additionally, it assesses individual research impact by offering per vulnerability information on impacted chipsets and devices.
Furthermore, evaluating novel vulnerability discovery techniques warrants a representative set of devices to empirically test the success of said techniques. Many chipsets share the same vulnerabilities through code re-use. Manually testing chipsets affected by mostly overlapping sets of vulnerabilities is time consuming, unnecessarily expensive and thus inefficient. Our device picker helps select a variety of devices with chipsets that share fewer vulnerabilities, increasing the likelihood of testing novel implementations rather than re-used ones.