Submitted via IRC for SoyCow7671
QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air [bleepingcomputer.com]
Two serious vulnerabilities in Qualcomm's Snapdragon system-on-a-chip (SoC) WLAN firmware could be leveraged to compromise the modem and the Android kernel over the air.
The flaws were found in Qualcomm's Snapdragon 835 and 845 WLAN component. The tests were made on Google Pixel 2 and 3 but any unpatched phone running one of the two SoCs is vulnerable.
Critical and high-severity bugs
Security researchers from Tencent's Blade team found that one of the vulnerabilities (CVE-2019-10538, with a high severity rating) allows attackers to compromise the WLAN and the chip's modem over the air.
The second one is a buffer overflow tracked as CVE-2019-10540; it received a critical severity rating and an attacker can exploit it to compromise the Android Kernel from the WLAN component.
The researchers informed both Google and Qualcomm about the flaws, and exploitation is currently possible only on Android phones that have not been patched with the latest security updates that rolled out today [android.com].
Qualcomm on June 3 published a security bulletin [qualcomm.com] to original equipment manufacturers (OEMs) to allow them to prepare the Android update for their devices.
The chip maker advises "end users to update their devices as patches become available from OEMs."
Despite patches being available, a high number of phones is likely to remain vulnerable for a long time as the devices may no longer be eligible for updates from the vendor.
Also, not all makers are ready to push the Android update when Google releases it. It is common to see security updates for phones still supported by their maker reach devices with weeks of delay.
Full disclosure ahead
Tencent's Blade researchers are scheduled to present the technical details of the QualPwn bugs and their exploitation on Thursday, at the Black Hat security conference. They have already published a brief advisory [tencent.com] about the two vulnerabilities.
"On the Qualcomm platform, subsystems are protected by the Secure Boot and unable to be touched externally. We'll introduce the vulnerability we found in Modem to defeat the Secure Boot and elevate privilege into Modem locally so that we can set up the live debugger for baseband."
With the debugger, they could learn the system architecture, the components and how the code and the data flow work. This also allowed them to determine the attack surface of the WLAN firmware.
The Black Hat presentation [blackhat.com] will include details about exploiting the WLAN firmware layer, its integration in the modem as an isolated user-space application constraint, and reaching the modem.
Ionut Ilascu [bleepingcomputer.com] is freelancing as a technology writer with a focus on all things cybersecurity. The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger and Softpedia.