Vulnerability, Where Art Thou? An Investigation of Vulnerability Management in Android Smartphone Chipsets
Daniel Klischies
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Android Security 2
While much attention in Android security research typically focuses on application vulnerabilities or issues within the Android operating system itself, a critical and often overlooked area is the underlying hardware: the smartphone chipset. These complex components are responsible for fundamental device functionality, from running Android to enabling cellular connectivity. Despite their pervasive role, a large-scale, systematic study into how vulnerabilities in these chipsets are discovered, managed, and patched has been conspicuously absent. This talk, presented by Daniel Klischies at the NDSS Symposium, addresses this gap by presenting a comprehensive investigation into the vulnerability management landscape of Android smartphone chipsets.
AI review
Solid systematic research that fills a real gap — nobody had built a comprehensive, cross-vendor knowledge base correlating chipset CVEs to specific phone models at this scale before. The 93% vulnerability persistence finding alone is a meaningful empirical contribution that reframes how researchers should think about chipset attack surface across generations.