Security researchers discovered that a chip present in some Android phones manufactured by Qualcomm is collecting sensitive user data such as passwords, financial information, and fingerprints.
The chip, called the Qualcomm Secure Execution Environment (QSEE), is designed to protect sensitive information on the device.
However, researchers found that the QSEE chip was logging sensitive data in plaintext and sending it to the phone’s main processor, potentially exposing it to hackers or other malicious actors.
The affected phones include devices from Google, Samsung, LG, and OnePlus, among others.
Qualcomm has released a patch for the vulnerability and has recommended that users update their phones as soon as possible to protect themselves from potential attacks.