The Tencent Blade team has announced QualPwn, a set of vulnerabilities in Qualcomm chipsets that affect Android devices. The China-based firm will make its announcement at the Black Hat conference in Las Vegas, Nevada.
According to Forbes, the security researchers found the weaknesses in the Qualcomm chips used in Android phones. The chipsets exposed to these weaknesses include the Snapdragon 835 and 845. The main smartphones affected by the vulnerabilities include the Samsung Galaxy S9, Google Pixel 3, and OnePlus 6T.
The Tencent Blade team first found the Snapdragon 835 vulnerability on February 14, 2019. The WiFi chip exposure followed a month later. The company alerted authorities, alongside Google and Qualcomm, about the vulnerabilities, notes Forbes.
Besides these premium devices, other affected gadgets include the Samsung Note 9 and Google Pixel 2, reveals Express. Tencent Blade researchers ran a series of tests on the Google Pixel 2 and Pixel 3 to verify the exploit. Following the tests, the company said, “unpatched phones running on Qualcomm Snapdragon 835 and 845 may be vulnerable.”
Apart from the phones released in 2018 and 2019, Tencent Blade also found that the Snapdragon 835 version affected 2017 devices. Despite this, the Chinese Internet giant says, “it is unlikely the security has been taken advantage of in the wild.”
What QualPwn Does
According to Tencent Blade, QualPwn is a “series of vulnerabilities discovered in Qualcomm chips.” The first vulnerability allows hackers to gain access to the WLAN and modem over the air. The other weakness lets them “[compromise] the Android Kernel over-the-air.”
Both potential attacks are possible when the attacker and the target are connected to the same WiFi network. Neither requires user interaction, states ZDNet. Because of this, attackers can gain access to system data without the user’s knowledge.
Although Qualcomm protects its users with the Secure Boot feature, the vulnerability overcomes that protection. This results in “access to the modem so that debugging tools can be loaded and the baseband can be controlled.”
The Android Security Bulletin for August 2019 revealed that the QualPwn vulnerabilities exposed Android devices to hackers. In the same post, the company announced two patches that fix these vulnerabilities.
Following this, the bulletin urges users whose devices have Qualcomm chips to install the newest security patches, issued on August 5. More information will be discussed at the upcoming Black Hat 2019 convention and DEFCON 27, notes Android Central. Both talks by Tencent Blade will cover issues surrounding the QualPwn vulnerabilities.