Tuesday, December 5, 2023

QualPwn – Vulnerabilities in Qualcomm chips Allows Attackers to Compromise Android Devices Remotely

QualPwn, critical vulnerabilities in Qualcomm chips, that allows attackers to compromise Android device remotely over-the-air. The flaw resides in the Qualcomm’s Snapdragon WLAN component.

The series of vulnerabilities dubbed QualPwn, discovered by Tencent Blade Team, the first two vulnerabilities reside in Qualcomm chips and the third one in Android Kernel.

The vulnerabilities chained together allows attackers to compromise the Android device over-the-air without any user interaction. The over-the-air attack can be triggered if the victim and the attacker connected with the same WiFi network.

Vulnerability Impact

Researchers tested with Google Pixel2/Pixel3 and didn’t test with all the phones, “results of our tests indicate that unpatched phones running on Qualcomm Snapdragon 835,845 may be vulnerable.”

CVE-2019-10539(Compromise WLAN Issue) – Possible buffer overflow vulnerability in the WiFi firmware, due to lack of length check while parsing the extended cap IE header length.

CVE-2019-10540 (WLAN into Modem issue) – Buffer overflow vulnerability that affects Qualcomm WLAN and the vulnerability is due to lack of check of the count value received in NAN availability attribute.

Attackers can exploit the vulnerability by sending maliciously crafted packet over air, according to Qualcomm report the vulnerability affects other chipsets that includes, IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712, SD 710, SD 670, SD 730, SD 820, SD 835, SD 845, SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, and SXR1130.

CVE-2019-10538 (Modem into Linux Kernel issue) – The vulnerability relies on the Qualcomm Linux kernel component for Android, an attacker could exploit the vulnerability to overwrite the Linux kernel for Android.

Patches for QualPwn

The vulnerabilities were discovered in February and the researchers reported the details to Google and Qualcomm. In June Qualcomm issued fixes and notified OEMs. Google issued patches for the vulnerability with the August security update.

Users are recommended to update with the latest security updates that rolled out August 5, 2019, that address both of the bugs.

The full details of the bug were and the exploitation steps were not yet disclosed, according to Tencent there is no public full exploit code available.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read

Critical Vulnerabilities in Free Android Antivirus Apps Let Attackers to Steal Address Books and Disable Antivirus Protection

VMware Security Vulnerabilities Leads to Code Execution and Cause DoS Condition

Vulnerability in Apple iMessage Let Hackers Remotely Read Files in iPhone – PoC Released


Latest articles

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles