Back to Blog

QualPwn vulnerabilities in Qualcomm chips let hackers compromise Android devices

August 7, 2019

By: mirabiliscorp

Patches for the QualPwn vulnerabilities have been released earlier today by both Qualcomm and the Android team.

The Android Security Bulletin for August 2019 is out today and this month’s Android security patches include a fix for two dangerous vulnerabilities that impact devices with Qualcomm chips.

Known collectively as QualPwn, these two vulnerabilities “allow attackers to compromise the Android Kernel over-the-air,” according to Tencent Blade, a cyber-security division at Tencent, one of China’s biggest tech firms.

The over-the-air attack is not a fully remote attack, meaning it can’t be executed over the internet. To launch a QualPwn attack, the attacker and the target must be on the same WiFi network.

Nonetheless, the QualPwn attacks don’t require user interaction, and Android users with affected Qualcomm chipsets will need to look into installing the August 2019 Android OS security patch.

QUALPWN VULNERABILITIES BREAKDOWN

The two QualPwn vulnerabilities are as follow:

  • CVE-2019-10538 – a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel. Can be exploited by sending specially-crafted packets to a device’s WLAN interface, which allows the attacker to run code with kernel privileges.
  • CVE-2019-10540 – a buffer overflow in the Qualcomm WLAN and modem firmware that ships with Qualcomm chips. Can be exploited by sending specially-crafted packets to an Android’s device modem. This allows for code execution on the device.

The first issue was patched with a code fix in the Android operating system source code, while the second bug was patched with a code fix in Qualcomm’s closed-source firmware that ships on a limited set of devices.

More: https://www.zdnet.com/article/qualpwn-vulnerabilities-in-qualcomm-chips-let-hackers-compromise-android-devices/

 

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.