It has become a trend that people consider phones with Qualcomm Snapdragon processors inside to have the best performance. They have become the benchmarks of the processing power. The latest SoC to come out from them is Snapdragon 855 Plus.
The Android Open Source Project website has published the Security Bulletin for August 2019. The astonishing fact is the two high-risk vulnerabilities present on the devices with Snapdragon processors. Both the issues have been referred to as QualPwn by them. The chipset maker is now aware of the problems and released the security patch.
QualPwn Make Millions of Smartphones Vulnerable
As you already got to know, QualPwn is the name of the latest vulnerabilities of Qualcomm-powered smartphones. In case you don’t know the extent of the issues, they allow a hacker to get access to your phone via a Wireless Local Area Network or cell modem (remotely).
It is true that the manufacturer has taken the precaution to embed Secure Boot. However, the vulnerabilities defeat this functionality to give the attacker an edge to control the baseband. Once it happens, he will get access to your personal data.
Around 34 devices are found to have the vulnerabilities including OnePlus 7, 7 Pro, Asus ZenFone 6Z, Oppo Reno, Nubia Red Magic 3, Black Shark 2, and Redmi K20 Pro. Moreover, the devices with dated and ongoing Snapdragon chipsets are also under the influence of the risk.
The chipsets include Snapdragon 845, 855, 835, 820, 730, 712, 710, 675, 670, 665, and 636. Not only did the vulnerability sneak into mobile chipsets, Snapdragon 850 and 8CX designed for laptops and IoT devices also fall under the category of affected chipsets.
The issue was first identified by Tencent Blade. They verified the issue on Google Pixel 2 and Pixel 3. Both the devices packs in Snapdragon 835 and 845 respectively. Even if they didn’t test anything else, chances are other devices also fall victim to the threat.
The issues first came under limelight in February this year. After Tencent Blade notified Google of the vulnerabilities, the search engine giant roped Qualcomm in. The patches for the problems have already been forwarded to the OEMs. It’s just the matter of getting the OTA updates.
In case you have no pending updates, you have to be careful not to reuse passwords. By using a strong lock screen, never following unauthorized links, and using two-factor authentication, you can stay away from the threat.
You need to know the above manoeuvres don’t prevent the security flaw but minimize the damage one adheres to.
Leave a Reply