A sequence of crucial vulnerabilities have been identified in Qualcomm chipsets that could make it possible for hackers to compromise Android units remotely just by sending destructive packets about-the-air with no user interaction.
Found out by stability scientists from Tencent’s Blade staff, the vulnerabilities, collectively identified as QualPwn, reside in the WLAN and modem firmware of Qualcomm chipsets that powers hundreds of millions of Android smartphones and tablets.
According to researchers, there are largely two essential vulnerabilities in Qualcomm chipsets and one in the Qualcomm’s Linux kernel driver for Android which if chained collectively could make it possible for attackers to just take complete management more than specific Android gadgets within their Wi-Fi assortment.
“One particular of the vulnerabilities makes it possible for attackers to compromise the WLAN and Modem about-the-air. The other will allow attackers to compromise the Android Kernel from the WLAN chip. The total exploit chain allows attackers to compromise the Android Kernel around-the-air in some circumstances,” researchers said in a web site publish.
The vulnerabilities in question are:
- CVE-2019-10539 (Compromising WLAN) — The 1st flaw is a buffer overflow situation that resides in the Qualcomm WLAN firmware due to deficiency of duration check out when parsing the prolonged cap IE header duration.
- CVE-2019-10540 (WLAN into Modem problem) — The second concern is also a buffer-overflow flaw that also resides in the Qualcomm WLAN firmware and impacts its community place community (NAN) function thanks to lack of check out of rely benefit acquired in NAN availability attribute.
- CVE-2019-10538 (Modem into Linux Kernel challenge) — The third concern lies in Qualcomm’s Linux kernel driver for Android that can be exploited by subsequently sending destructive inputs from the Wi-Fi chipset to overwrite components of Linux kernel managing the device’s key Android working technique.
When compromised, the kernel presents attackers entire method entry, such as the means to set up rootkits, extract delicate information, and conduct other destructive steps, all although evading detection.
However Tencent researchers tested their QualPwn assaults from Google Pixel 2 and Pixel 3 products that are jogging on Qualcomm Snapdragon 835 and Snapdragon 845 chips, the vulnerabilities influence several other chipsets, in accordance to an advisory released by Qualcomm.
“IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130”
Researchers discovered the QualPwn vulnerabilities in February and March this year and responsibly claimed them to Qualcomm, who then introduced patches in June and notified OEMs, which include Google and Samsung.
Google just yesterday launched protection patches for these vulnerabilities as element of its Android Protection Bulletin for August 2019. So, you are advised to down load the protection patches as shortly as they are accessible
Due to the fact Android phones are infamously gradual to get patch updates, scientists have resolved not to disclose comprehensive complex details or any PoC exploit for these vulnerabilities whenever quickly, supplying stop-end users enough time to receive updates from their gadget producers.