QualPwn is a set of vulnerabilities found in Qualcomm Snapdragon 835 and 845 chips. Is it serious? Yes! it is. One vulnerability compromises your phone’s WLAN and Modem over-the-air. The other can open backdoors for attackers to the Android Kernel from the WLAN chip.
It was first identified by Tencent Blade Team and they have published their findings in BlackHat USA 2019 and DEFCON 27. Due to Non-Disclosure Clause, the nitty-gritty of the vulnerability aren’t revealed. That said, they have reported that the vulnerability hasn’t so far been exploited in the wild.
The team spot the issue in Google Pixel 2 and Pixel 3 phones, which run on Qualcomm Snapdragon 835 and 845 chips. So, on that account, all other phones with these chipsets are under risk.
ALSO READ: Qualcomm Snapdragon 855 Plus announced
Alright, now let’s get to the solution.
Guess what? Herein lies the good news, so to speak.
The team had shared all the details of the vulnerabilities to Google and Qualcomm who have issued fixes. Both Qualcomm and Google have released their security bulletin highlighting the issues and solution patches.
This is what Qualcomm had to say:
“Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”
So, we advise our readers to update your Android phones to the latest software update. Go ahead and check for any pending update within the system settings.