Qualcomm chipsets that could allow hackers to compromise Android
devices remotely just by sending malicious packets over-the-air
with no user interaction.
Discovered by security researchers from Tencent’s Blade team,
the vulnerabilities, collectively known as QualPwn, reside
in the WLAN and modem firmware of Qualcomm chipsets that power
hundreds of millions of Android smartphones and tablets.
According to the researchers, there are two critical
vulnerabilities in Qualcomm chipsets and one in Qualcomm’s
Linux kernel driver for Android which, if chained together, could
allow attackers to take complete control over targeted Android
devices within their Wi-Fi range.
“One of the vulnerabilities allows attackers to compromise the WLAN
and Modem over-the-air. The other allows attackers to compromise
the Android Kernel from the WLAN chip. The full exploit chain
allows attackers to compromise the Android Kernel over-the-air in
some circumstances,” researchers said in a blog post[1].
- CVE-2019-10539 (Compromising WLAN) — The first flaw is a
buffer overflow issue that resides in the Qualcomm WLAN firmware
due to lack of length check when parsing the extended cap IE header
length.
- CVE-2019-10540 (WLAN into Modem issue) — The second
issue is also a buffer-overflow flaw in the Qualcomm WLAN
firmware; it affects the neighborhood area network (NAN)
function and is caused by a missing check on the count value
received in the NAN availability attribute.
- CVE-2019-10538 (Modem into Linux Kernel issue) — The
third issue lies in Qualcomm’s Linux kernel driver for Android and
can be exploited by subsequently sending malicious inputs from the
Wi-Fi chipset to overwrite parts of the Linux kernel running the
device’s main Android operating system.
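The first two flaws are both cases of firmware trusting a length or count field that arrives over the air. As an added example (not the article's or Qualcomm's code), here is a bounds-checked walker over 802.11 information elements that refuses the inputs such a parser must reject; the element ID constant, the 8-byte destination size and the struct layout are assumptions for illustration.

```c
/* Constructed example: bounds-checked 802.11 IE (TLV) parsing.
   Not Qualcomm firmware code; layout and sizes are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_EXT_CAP   127  /* Extended Capabilities element ID */
#define EXT_CAP_MAX  8    /* fixed-size destination (assumed) */

enum ie_status {
    IE_OK = 0,
    IE_ERR_TRUNCATED_HDR,  /* fewer than 2 bytes left for id+len */
    IE_ERR_LEN_PAST_END,   /* element length runs past the frame */
    IE_ERR_DST_OVERFLOW    /* element longer than the destination */
};

struct sta_caps {
    uint8_t ext_cap[EXT_CAP_MAX];
    uint8_t ext_cap_len;
};

/* Walk the IE list in buf[0..len) and copy the Extended Capabilities
   element into caps. Every length field is attacker-controlled, so it
   is checked twice: against what remains of the frame, and against
   the size of the destination buffer. A parser that skips the second
   check turns an over-long element into a buffer overflow. */
enum ie_status parse_ies(const uint8_t *buf, size_t len,
                         struct sta_caps *caps)
{
    size_t off = 0;
    memset(caps, 0, sizeof(*caps));
    while (off < len) {
        if (len - off < 2)
            return IE_ERR_TRUNCATED_HDR;
        uint8_t id = buf[off];
        uint8_t ie_len = buf[off + 1];
        if (ie_len > len - off - 2)          /* check 1: frame bound */
            return IE_ERR_LEN_PAST_END;
        const uint8_t *val = buf + off + 2;
        if (id == IE_EXT_CAP) {
            if (ie_len > EXT_CAP_MAX)        /* check 2: dest bound */
                return IE_ERR_DST_OVERFLOW;
            memcpy(caps->ext_cap, val, ie_len);
            caps->ext_cap_len = ie_len;
        }
        off += 2 + ie_len;
    }
    return IE_OK;
}
```

The same two-bound pattern applies to the NAN availability count: a count read from the frame must be checked against both the bytes remaining and the number of entries the destination can hold before it drives a loop.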
Once compromised, the kernel gives attackers full system access,
including the ability to install rootkits, extract sensitive
information, and perform other malicious actions, all while evading
detection.
Though Tencent researchers tested their QualPwn attacks against
Google Pixel 2 and Pixel 3 devices that are running on Qualcomm
Snapdragon 835 and Snapdragon 845 chips, the vulnerabilities impact
many other chipsets, according to an advisory
published by Qualcomm.
“IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A,
QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405,
QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430,
SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD
675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD
845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660,
SDX20, SDX24, SXR1130”
March this year and responsibly reported them to Qualcomm, who then
released patches in June and notified OEMs, including Google and
Samsung.
Google just yesterday released security patches for these
vulnerabilities as part of its Android Security
Bulletin[3] for August 2019. So, you
are advised to install the security patches as soon as they are
available.
Since Android phones are infamously slow to get patch updates,
researchers have decided not to disclose complete technical details
or any PoC exploit for these vulnerabilities anytime soon, giving
end-users enough time to receive updates from their device
manufacturers.
Source: http://feedproxy.google.com/~r/TheHackersNews/~3/KKFV2VhgTlo/android-qualcomm-vulnerability.html