Android Warning: Users of these following smartphones are urged to patch up security because of chipset flaw

Qualcomm is the world’s biggest chipset manufacturer and processor supplier for many big OEMs. These chipsets power up the majority of the Android smartphones in the market.

Now, Qualcomm said on its official website that some of these processors have been discovered to contain a number of vulnerabilities. According to new findings, these vulnerabilities has been referred to as “QualPwn”.

Millions at risk with Qualcomm Snapdragon’s critical flaw

A bug on Qualcomm Snapdragon chipsets called "QualPwn" brings vulnerabilities to smartphones, millions at risk
A bug on Qualcomm Snapdragon chipsets called “QualPwn” brings vulnerabilities to smartphones, millions at risk

The security researchers from Tencent Blade discovered the flaw. Tencent Blade is a Chinese Internet giant that is known to operate WeChat messaging service and owns 40% of Epic Games, the makers of Fortnite.

The flaw which is called “QualPwn” has been discovered on recent Qualcomm chips including the Snapdragon 835 and 845. Such chips are used in most premium Android smartphones released last year such as Samsung‘s Galaxy S9, Google Pixel 3, OnePlus 6 and many more.

Google Pixel 2 and Pixel 3

One of the vulnerabilities allow the attackers to exploit the targeted device “over the air” through the Wi-Fi and cellular modem components of the device. Other vulnerabilities allow attackers to directly compromise the Android Kernel via Wi-Fi chip without the user’s knowledge.

However, in order to execute the “over the air” attack, both attacker and target must be on the same Wi-Fi network.

But according to Tencent Blade, it has tested the exploit on the Google Pixel 2 and Pixel 3 and it has declared results of “unpatched phones running on Qualcomm Snapdragon 835 and 845 may be vulnerable.”

Users are urged to download update in order to patch up security

Fortunately though, researchers from Tencent Blade had not found public exploit code for vulnerability. This means that it is unlikely that the security flaw has infiltrated many smartphones.

Qualcomm has since released a new security bulletin which discusses the issue and emphasized OEMs to release updates on devices running its hardware to patch up this security flaw. Here is Qualcomm’s full statement on the security issue:

Providing technologies that support robust security and privacy is a priority for Qualcomm.We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.

Google has already patched “QualPwn” in its newest August 2019 security patch that is already available for its Pixel smartphone users. Meanwhile, some OEMs are yet to release their August 2019 security patch for their devices. Users are encouraged to download the update as soon as it is made available.

Here are the list of Android smartphones that run the Qualcomm chipsets that the company has issues advisory for:

1. Qualcomm Snapdragon 855

  • OnePlus 7
  • OnePlu 7 Pro
  • Oppo Reno
  • Asus 6Z
  • Nubia Red Magic 3
  • Black Shark 2
  • Redmi K20 Pro

2. Qualcomm Snapdragon 845

  • OnePlus 6T
  • Google Pixel 3
  • Google Pixel 3 XL
  • OnePlus 6
  • Xiaomi Poco F1
  • Asus ZenFone 5Z
  • LG V30+
  • LG G7 ThinQ
  • Vivo Nex

3. Qualcomm Snapdragon 710

  • Realmi X
  • Oppo R17 Pro
  • Nokia 8.1

4. Qualcomm Snapdragon 670

  • Google Pixel 3a
  • Google Pixel 3a XL

5. Qualcomm Snapdragon 835

  • Nokia 8 Sirocco

6. Qualcomm Snapdragon 712

  • Vivo Z1 Pro

7. Qualcomm Snapdragon 730

  • Redmi K20

8. Qualcomm Snapdragon 636

  • Redmi Note 5 Pro
  • Nokia 6.1 Plus
  • Asus Max Pro M1
  • Redmi 6 Pro

9. Qualcomm Snapdragon 660

  • Asus Max Pro
  • Mi A2

10. Qualcomm Snapdragon 675

  • Redmi Note 7 Pro
  • Vivo V15 Pro
  • Samsung A70
  • Samsung M40

Leave a Reply

Your email address will not be published.