QualPwn is a newly discovered security vulnerability affecting some un-updated Snapdragon devices

If you’re using a mid-tier to flagship Android device from the last few years, there’s a very good chance you’re using a Qualcomm processor. Normally, that’s a good thing; Qualcomm makes great stuff, and their modems are top-notch. Unfortunately that also means that you might also now be open to a pretty severe vulnerability if your device isn’t updated.

This new exploit, dubbed QualPwn, allows remote access to affected devices over a network. That’s pretty scary and a little more dangerous than many of these exploits that pop up. If you’re using a device with one of these processors, you’re going to be affected:

  • Snapdragon 636
  • Snapdragon 665
  • Snapdragon 675
  • Snapdragon 712 / Snapdragon 710 / Snapdragon 670
  • Snapdragon 730
  • Snapdragon 820
  • Snapdragon 835
  • Snapdragon 845 / SD 850
  • Snapdragon 855
  • Snapdragon 8CX
  • Snapdragon 660 Development Kit
  • Snapdragon 630
  • Snapdragon 660
  • Snapdragon 820 Automotive
  • IPQ8074
  • QCA6174A
  • QCA6574AU
  • QCA8081
  • QCA9377
  • QCA9379
  • QCS404
  • QCS405
  • QCS605
  • SXR1130

That’s a long list, and it covers even brand new devices with the Snapdragon 855 chip that’s currently Qualcomm’s best offering this year.

Essentially, QualPwn makes your device vulnerable over a network. It won’t work over the internet, but if an attacked is on the same WiFi network as you, they can gain remote access to your device, and potentially root access where they can run code and install apps.

But here’s the good news: so far there has been no instance of this exploit in the wild, and that list of affected devices come directly from Qualcomm, who has already issued security patches to get the vulnerability fixed up. So if you do happen to have a device with one of those chips, if you’re on the August security patch from your OEM then you should be in the clear. Qualcomm also tends to release security patches for entire branches of devices that don’t even have the flaw just to keep everything safe, so there’s also a chance that not everything on that list is actually vulnerable.

But just in case, grab that software update sooner rather than later, and stay off of untrusted WiFi networks.

source: XDA Developers

Born in southern Alabama, Jared spends his working time selling phones and his spare time writing about them. The Android enthusiasm started with the original Motorola Droid, but the tech enthusiasm currently covers just about everything. He likes PC gaming, Lenovo’s Moto Z line, and a good productivity app.

Source link