QualPwn problems allow to crack Android devices with Qualcomm chips

The August patch set for Android included patches for several dangerous vulnerabilities under the general name QualPwn, which can be used against Android devices with Qualcomm chips on board.

According to Tencent, whose experts have found problems, vulnerabilities can be used to hack sensitive devices “over the air”, without users’ interaction.
Reference:

It is worth noting that hacking “over the air” is not the same as a remote attack via the Internet. In this case, we mean the attack performed via Wi-Fi, so the attacker and his target must be on the same network.

QualPwn hides three problems: CVE-2019-10538 and CVE-2019-10539 (buffer overflow associated with Qualcomm’s WLAN component and Android kernel), as well as CVE-2019-10540 (buffer overflow in Qualcomm WLAN and modem firmware, which comes with Qualcomm chips).

Read also: Bankers attacked 430,000 users in the first half of 2019

Tencent researchers write that they tested QualPwn attacks on Google Pixel 2 and Pixel 3 devices.

“We didn’t test all the Qualcomm chips. We only tested on the Google Pixel2/Pixel3. Results of our tests indicate that unpatched phones running on Qualcomm Snapdragon 835,845 may be vulnerable”, — report Tencent specialists.

However, Qualcomm representatives themselves report that the problem CVE-2019-10540 also affects other chipsets, including: IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 636, 665, 665 SD 675, SD 712, SD 710, SD 670, SD 730, SD 820, SD 835, SD 845, SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660 and SXR1130.

While the technical details of the found vulnerabilities are not disclosed, and Tencent experts, in fact, limited themselves to a brief reference about the problems.

“We follow the responsible vulnerability disclosure process and will not disclose details of the vulnerabilities until we’re informed that the flaws are fixed and consumers have time to install security updates on their devices”, — claimed Tencent specialists.

The fact is that a full report on QualPwn will be presented at Black Hat and DEFCON conferences, which will start this and next week.
Exit mobile version