Saturday, November 9, 2024
HomeAndroidQualPwn - Vulnerabilities in Qualcomm chips Allows Attackers to Compromise Android Devices...

QualPwn – Vulnerabilities in Qualcomm chips Allows Attackers to Compromise Android Devices Remotely

Published on

Malware protection

QualPwn, critical vulnerabilities in Qualcomm chips, that allows attackers to compromise Android device remotely over-the-air. The flaw resides in the Qualcomm’s Snapdragon WLAN component.

The series of vulnerabilities dubbed QualPwn, discovered by Tencent Blade Team, the first two vulnerabilities reside in Qualcomm chips and the third one in Android Kernel.

The vulnerabilities chained together allows attackers to compromise the Android device over-the-air without any user interaction. The over-the-air attack can be triggered if the victim and the attacker connected with the same WiFi network.

- Advertisement - SIEM as a Service

Vulnerability Impact

Researchers tested with Google Pixel2/Pixel3 and didn’t test with all the phones, “results of our tests indicate that unpatched phones running on Qualcomm Snapdragon 835,845 may be vulnerable.”

CVE-2019-10539(Compromise WLAN Issue) – Possible buffer overflow vulnerability in the WiFi firmware, due to lack of length check while parsing the extended cap IE header length.

CVE-2019-10540 (WLAN into Modem issue) – Buffer overflow vulnerability that affects Qualcomm WLAN and the vulnerability is due to lack of check of the count value received in NAN availability attribute.

Attackers can exploit the vulnerability by sending maliciously crafted packet over air, according to Qualcomm report the vulnerability affects other chipsets that includes, IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712, SD 710, SD 670, SD 730, SD 820, SD 835, SD 845, SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, and SXR1130.

CVE-2019-10538 (Modem into Linux Kernel issue) – The vulnerability relies on the Qualcomm Linux kernel component for Android, an attacker could exploit the vulnerability to overwrite the Linux kernel for Android.

Patches for QualPwn

The vulnerabilities were discovered in February and the researchers reported the details to Google and Qualcomm. In June Qualcomm issued fixes and notified OEMs. Google issued patches for the vulnerability with the August security update.

Users are recommended to update with the latest security updates that rolled out August 5, 2019, that address both of the bugs.

The full details of the bug were and the exploitation steps were not yet disclosed, according to Tencent there is no public full exploit code available.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Also Read

Critical Vulnerabilities in Free Android Antivirus Apps Let Attackers to Steal Address Books and Disable Antivirus Protection

VMware Security Vulnerabilities Leads to Code Execution and Cause DoS Condition

Vulnerability in Apple iMessage Let Hackers Remotely Read Files in iPhone – PoC Released

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...