Demand for graphics processing units or GPUs has exploded in recent years as video rendering and artificial intelligence systems have expanded the need for processing power. And while most of the most visible shortages (and soaring stock prices) relate to top-tier PC and server chips, mobile graphics processors are the version that everyone with a smartphone is using everyday. So vulnerabilities in these chips or how they’re implemented can have real-world consequences. That’s exactly why Google’s Android vulnerability hunting red team set its sights on open-source software from the chip giant Qualcomm that’s widely used to implement mobile GPUs.
At the Defcon security conference in Las Vegas on Friday, three Google researchers presented more than nine vulnerabilities—now patched—that they discovered in Qualcomm’s Adreno GPU, a suite of software used to coordinate between GPUs and an operating system like Android on Qualcomm-powered phones. Such “drivers” are crucial to how any computer is designed and have deep privileges in the kernel of an operating system to coordinate between hardware peripherals and software. Attackers could exploit the flaws the researchers found to take full control of a device.
For years, engineers and attackers alike have been most focused on potential vulnerabilities in a computer’s central processing unit (CPU) and have optimized for efficiency on GPUs, leaning on them for raw processing power. But as GPUs become more central to everything a device does all the time, hackers on both ends of the spectrum are looking at how GPU infrastructure could be exploited.
“We are a small team compared to the big Android ecosystem—the scope is too big for us to cover everything, so we have to figure out what will have the most impact,” says Xuan Xing, manager of Google’s Android Red Team. “So why did we focus on a GPU driver for this case? It’s because there’s no permission required for untrusted apps to access GPU drivers. This is very important, and I think will attract lots of attackers’ attention.”
Xing is referring to the fact that applications on Android phones can talk to the Adreno GPU driver directly with “no sandboxing, no additional permission checks,” as he puts it. This doesn’t in itself give applications the ability to go rogue, but it does make GPU drivers a bridge between the regular parts of the operating system (where data and access are carefully controlled), and the system kernel, which has full control over the entire device including its memory. “GPU drivers have all sorts of powerful functions,” Xing says. “That mapping in memory is a powerful primitive attackers want to have.”
The researchers say the vulnerabilities they uncovered are all flaws that come out of the intricacies and complicated interconnections that GPU drivers must navigate to coordinate everything. To exploit the flaws, attackers would need to first establish access to a target device, perhaps by tricking victims into side-loading malicious apps.
“There are a lot of moving parts and no access restrictions, so GPU drivers are readily accessible to pretty much every application,” says Eugene Rodionov, technical leader of the Android Red Team. “What really makes things problematic here is complexity of the implementation—that is one item which accounts for a number of vulnerabilities.”
Qualcomm released patches for the flaws to “original equipment manufacturers” (OEMs) that use Qualcomm chips and software in the Android phones they make. “Regarding the GPU issues disclosed by Android Security Red Team, patches were made available to OEMs in May 2024,” a Qualcomm Spokesperson tells WIRED. “We encourage end users to apply security updates from device makers as they become available.”
The Android ecosystem is complex, and patches must move from a vendor like Qualcomm to OEMs and then get packaged by each individual device maker and delivered to users’ phones. This trickle-down process sometimes means that devices can be left exposed, but Google has spent years investing to improve these pipelines and streamline communication.
Still, the findings are yet another reminder that GPUs themselves and the software supporting them have the potential to become a critical battleground in computer security.
As Rodionov puts it, “combining high complexity of the implementation with wide accessibility makes it a very interesting target for attackers.”
