Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. Security experts at Tencent Blade, the security elite unit at Tencent, have discovered two severe vulnerabilities, QualPwn bugs, that could “allow attackers to compromise the Android Kernel over-the-air. “QualPwn is a […]

Qualcomm Snapdragon

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air.

Security experts at Tencent Blade, the security elite unit at Tencent, have discovered two severe vulnerabilities, QualPwn bugs, that could “allow attackers to compromise the Android Kernel over-the-air.

QualPwn is a series of vulnerabilities discovered in Qualcomm chips. One of the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air. The other allows attackers to compromise the Android Kernel from the WLAN chip.” reads the security advisory published by the experts. “The full exploit chain allows attackers to compromise the Android Kernel over-the-air in some circumstance.”

The over-the-air attack could be launched when the attacker and the target share the same WiFi network, this specific attack doesn’t require user interaction.

The QualPwn bugs affect Qualcomm’s Snapdragon 835 and the 845 WLAN component.

The first vulnerability, tracked as CVE-2019-10538 is a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel.

The flaw was rated as a high severity issue, it was addressed with a code fix in the Android operating system source code.

The second flaw, tracked as CVE-2019-10540, is a buffer overflow issue that affects the Qualcomm WLAN and modem firmware that ships with Qualcomm chips. According to the Qualcomm’s security advisory the CVE-2019-10540 flaw affects many chipsets, including: IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712, SD 710, SD 670, SD 730, SD 820, SD 835, SD 845, SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, and SXR1130.

The vulnerability received a critical severity rating and was addressed with a code fix in Qualcomm’s closed-source firmware that ships on a limited set of devices.

Experts explained that they didn’t test all the Qualcomm chips, but only the Google Pixel2 and Pixel3 devices and verified that unpatched devices running on Qualcomm Snapdragon 835,845 may be vulnerable.

Tencent Blade said they discovered the bugs on their own, and that they haven’t seen any public exploitation attempts, to their knowledge.

Tencent Blade researchers will provide technical details about the QualPwn bugs and their exploitation at the Black Hat USA 2019 security conference and the DEFCON 27 security conference.

The good news is that the Android Security Bulletin for August 2019 addresses both QualPwn bugs.

Qualcomm has already issued fixes to OEMs, and is encouraging end-users to update their devices as patches become available from OEMs.

Unfortunately, a large number of devices will remain vulnerable for a long time because for different reasons that will not be eligible for updates from the vendor. Another aspect to consider is that not all vendors will push the Android update as soon as Google releases it.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – QualPwn bugs, Android)

[adrotate banner=”5″]

[adrotate banner=”13″]