• Home
  • Mobiles
  • Mobiles News
  • 'QualPwn' Critical Security Flaws Affecting Android Phones With Qualcomm Processors Discovered, Patched

'QualPwn' Critical Security Flaws Affecting Android Phones With Qualcomm Processors Discovered, Patched

The vulnerabilities have been patched by Qualcomm, but phone manufacturers have to release updates

Share on Facebook Tweet Share Reddit Comment
'QualPwn' Critical Security Flaws Affecting Android Phones With Qualcomm Processors Discovered, Patched
  • An attacker would need to be on the same Wi-Fi network as the target
  • Qualcomm has released updates through Google and hardware OEMs
  • All Android users are advised to download the August 2019 security patch

The Android Open Source Project (AOSP) website has published its Security Bulletin for August 2019, in which details of two high-severity issues affecting Android devices powered by Qualcomm processors are described. The two security flaws, together known as 'QualPwn', have been patched in the August 2019 over-the-air Android security update. At least one of the two issues affects Qualcomm's Wi-Fi and cellular hardware in a number of popular current and retired smartphone SoC models including the Snapdragon 855, 845, 835, 820, 730, 712, 710, 675, 670, 665, and 636. The Snapdragon 850 and 8CX which are designed for laptops, and several other special-purpose processors aimed at the automotive, IoT, and smart speaker segments, are also affected. 

The issues have been publicised by Tencent Blade, the security arm of Chinese gaming company Tencent. As reported by ZDNet, these flaws can be exploited over the air and do not require hands-on access to a target device, but they do need proximity since an attacker would need to be using the same Wi-Fi network. 

By sending a maliciously modified data packet to the target device, over either a Wi-Fi or cellular connection, the attacker could use these two flaws to create a chain of events that can compromise the device's Android kernel. No action would be required on the part of the device user. On its own, the first flaw could still allow an attacker to spy on a device's communications. 

Qualcomm says it has already released a patch to its partners which they can distribute in future software updates, though many of these manufacturers do not release regular software updates for their phones, especially older models. The August 2019 Android security patch also includes a fix.

Tencent Blade says it has verified the flaw using a Google Pixel 3 (Review) and a Google Pixel 2 (Review), which use the Snapdragon 845 and Snapdragon 835 processors respectively, but has not tried other devices. The company's researchers will present more information beginning this week at the Black Hat and Defcon security conferences. No evidence of these flaws actually being exploited in the wild has been presented.

The flaws were first uncovered in February, after Tencent Blade informed Google, which then roped  Qualcomm in. Qualcomm issued its patch to OEMs in early June. Tencent Blade is only now disclosing this information because enough time has passed for the update to make its way into the August 2019 Android patch.  


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Jamshed Avari

Jamshed Avari has been working in tech journalism as a writer, editor and reviewer for over 13 years. He has reviewed hundreds of products ranging from smartphones and tablets to PC components and accessories, and has also written guides, feature articles, news and analyses. Going beyond simple ratings and specifications, he digs deep into how emerging products and services affect actual users, and what marks they leave on our cultural landscape. He's happiest when something new comes ...More

Nokia 6.2, Nokia 7.2 Said to Receive Certification in Indonesia, Launch Appears Imminent
NASA's Mars 2020 Rover Undergoes 'Eye' Test




© Copyright Red Pixels Ventures Limited 2019. All rights reserved.