Another day, another Android flaw. That’s how life in the digital fast lane moves. Two significant Android vulnerabilities affecting Qualcomm SoCs were recently announced, and both flaws could have potentially severe impacts. Collectively, these two flaws are called QualPwn.

 

QualPwn was discovered by the Chinese research and tech group known as Tencent. Tencent found both flaws and correctly reported both issues to Google and Qualcomm. Qualcomm then notified Android device manufacturers of the security flaws so they could start working on driver patches.

 

Two Exploits One Qualcomm


Both exploits allow QualPwn to compromise any Android device remotely, but in different ways, which is quite scary.

 

The first exploit, known as CVE-2019-10538, attacks the Android kernel through the WiFi interface. Specially crafted packets can be sent to target devices. These packets allow for remote code execution with kernel-level privileges (i.e., low-level root privileges).

 

The second exploit, known as CVE-2019-10540, attacks the WiFi interface much like the exploit above. This exploit allows for generic code execution on devices. Also, CVE-2019-10540 targets the modem firmware.

 

Both exploits work by creating buffer overflows. A buffer overflow forces code to write data outside the normal bounds of the memory set aside for it. If attackers can predict where that overflow will happen, they can inject code into those overflow spaces for execution.


QualPwn is directly affecting Qualcomm chips, and there isn’t a patch to fix it yet.

 

The first exploit, though targeted at Qualcomm SoCs, is an Android exploit. This vulnerability has been patched in the August 2019 security patch set for Android. The second exploit targets Qualcomm chipsets directly. This flaw needs to be fixed by device manufacturers with new driver updates.

 

Everyone should apply these patches to their devices as quickly as possible. This won’t be an issue for Google-branded devices like the Pixel phones and Android One devices because these phones tend to be patched promptly. Android One device owners can at least rest assured knowing that Android One devices are required to be updated within a specific timeframe designated by Google.
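One way to check a set of devices against the August 2019 patch set mentioned above. This is an added example, not part of the original article; the inventory, serials and model names are constructed, and the day of the month in `REQUIRED` is an assumption to be replaced with the level your vendor bulletin lists.

```shell
#!/bin/sh
# Added example: flag Android devices whose security patch level predates
# the August 2019 set. REQUIRED is an assumption (first day of that month);
# set it to the exact level your vendor bulletin names for the fixes.
REQUIRED="2019-08-01"

# patch_status LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN.
# LEVEL is the value of ro.build.version.security_patch (YYYY-MM-DD).
patch_status() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # missing or malformed value
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$REQUIRED" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# audit_inventory: reads "serial model patch_level" lines on stdin and
# prints every device that is not confirmed patched.
audit_inventory() {
    while read -r serial model level; do
        [ -n "$serial" ] || continue
        status=$(patch_status "$level")
        [ "$status" = PATCHED ] || echo "$serial $model $status"
    done
}

# Constructed sample inventory (serials, models and levels are made up).
sample_inventory() {
    cat <<'EOF'
SERIAL0001 pixel-3 2019-08-05
SERIAL0002 oem-midrange 2019-06-01
SERIAL0003 oem-legacy 2018-11-01
SERIAL0004 oem-tablet
EOF
}

# On a live device the level can be read with:
#   adb -s <serial> shell getprop ro.build.version.security_patch
sample_inventory | audit_inventory
```

A PATCHED result reflects the reported Android patch level only; as noted above, the second flaw also depends on the manufacturer shipping updated drivers.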

 

Problems and Pitfalls

 

The same can’t be said for other devices like Samsung smartphones or LG products, though. Although Google encourages third-party device manufacturers to patch devices as fast as possible, there is no guarantee that patches will be released promptly. It’s relatively common for third-party device manufacturers not to have system updates ready for weeks or months after vulnerabilities are announced.

 

Having to work with United States cell carriers only makes this process harder. All of the primary cell carriers within the United States require any device patches, including security vulnerabilities, to be tested before being released. These patches also have to be rolled out through the cell carriers, which often push updates out in phases.

 

This poses a serious issue with the current security landscape for Android phones. Carriers have primarily been the biggest roadblock to deploying patches and updates in the past. To Google’s credit, they have been working on removing carriers from the update process so that security patches can be deployed quicker.

 

Though newer devices will most likely receive the August 2019 security patches at some point, the same can’t be said for older models of smartphones and tablets. Tencent stated that they only tested the exploits with the Pixel 2 and Pixel 3 devices, but they released a memo stating that a much broader range of Qualcomm SoCs was affected. These SoCs include popular chips used in low and mid-range devices as well as older devices.

 

It’s important to note that QualPwn only appears to affect Android-powered devices currently. Qualcomm parts are used in a lot of non-Android-powered devices or smartphones. Devices that don’t use Android, like IoT devices, won’t be affected by QualPwn.

 

How Does QualPwn Work?


QualPwn may only work through a WLAN interface, but it’s something to take seriously.

 

We also need to state that as dangerous as these exploits are, they only work through the WLAN interface. Neither can be used through a cellular connection. That limits the effectiveness of QualPwn. Because of that, it’s very likely that if someone is attacked with QualPwn, that victim would be highly targeted.

 

An easy way to mitigate QualPwn until a device receives those security patches is to turn off the WiFi radio on the device. This poses other issues, like potentially faster battery drain or increased data bills. Still, it’s an option for high-risk targets to utilize for the moment to mitigate the risk of being attacked.

 
