Qualcomm has issued a security update for the firmware of two of its popular Snapdragon system-on-chip (SoC) parts, the Snapdragon 835 and 845, following the discovery of a serious security vulnerability dubbed QualPwn.
Designed for use in smartphones and tablets the Qualcomm Snapdragon 835 and 845 system-on-chip (SoC) parts boast impressive specifications, with up to eight CPU cores, a visual processing subsystem which gives the GPU additional capabilities, a digital signal processor aimed at on-device artificial intelligence (AI) processing, and the company's Snapdragon X20 LTE modem with built-in 802.11ac 2x2 MU-MIMO Wi-Fi. The latter, however, has turned out to be more of a liability than a feature, thanks to a serious security vulnerability in its driving firmware.
'QualPwn is a series of vulnerabilities discovered in Qualcomm chips. One of the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air,' explain representatives of Tencent's Blade security team in an advisory published this week. 'The other allows attackers to compromise the Android Kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android Kernel over-the-air in some circumstance.'
The flaws were communicated to Qualcomm privately, so that patches could be developed. These patches were supplied to original equipment manufacturers (OEMs) in early June, and have now been included by Google in the Android August 2019 Security Patch - an update which, sadly, not all manufacturers bother to build into updated firmware and pass on to end users.
'Providing technologies that support robust security and privacy is a priority for Qualcomm,' a company spokesperson has said. 'We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.'
The researchers at Tencent Blade have confirmed they will be sharing more details about QualPwn at the BlackHat USA 2019 and DEFCON 27 conferences, though state that they will not disclose details of how the vulnerabilities can be exploited until 'we're informed that the flaws are fixed and consumers have time to install security updates on their devices.'
April 3 2020 | 14:09