QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air
Two serious vulnerabilities in Qualcomm's Snapdragon system-on-a-chip (SoC) WLAN firmware could be leveraged to compromise the modem and the Android kernel over the air.
The flaws were found in Qualcomm's Snapdragon 835 and 845 WLAN component. The tests were made on Google Pixel 2 and 3 but any unpatched phone running one of the two SoCs is vulnerable.
Security researchers from Tencent's Blade team found that one one of the vulnerabilities (CVE-2019-10538, with a high severity rating) allows attackers to compromise the WLAN and the chip's modem over-the-air.
The second one is a buffer overflow tracked as CVE-2019-10540; it received a critical severity rating and an attacker can exploit it to compromise the Android Kernel from the WLAN component.
The researchers informed both Google and Qualcomm about the flaws and exploitation is currently possible only on Android phones that have not been patched with the latest security updates that rolled out today.
Qualcomm on June 3 published a security bulletin to original equipment manufacturers (OEMs) to allow them to prepare the Android update for their devices.
The chip maker advises "end users to update their devices as patches become available from OEMs."
Despite patches being available, a high number of phones is likely to remain vulnerable for a long time as the devices may no longer be eligible for updates from the vendor.
Also, not all makers are ready to push the Android update when Google releases it. It is common to see security updates for phones still supported by their maker reach devices with weeks of delay.
(Score: 0) by Anonymous Coward on Saturday August 10, @05:17AM
Oh brilliant. Doubt my phone will ever see an update again...
(Score: 2) by driverless on Saturday August 10, @05:28AM
That's the thing with cellphones, you don't worry about the application processor (AP), you go for the bug-ridden, totally insecure baseband (BB) instead, and legions of previous attackers have done just that. Since that can completely control the AP, it doesn't matter what fancy security is in that when your BB is the point of compromise.
(Score: 1) by xenu on Saturday August 10, @05:30AM
The current state of Android security reminds me a lot of late 90s/early 2000s Windows. The cause (fragmentation) is different, but the outcome is almost exactly the same.
(Score: 0) by Anonymous Coward on Saturday August 10, @05:38AM
When is the next month of Sundays then?