Hackers are able to target many leading Android mobile phones and other gadgets via Wi-Fi, researchers have revealed.
Devices powered by Qualcomm’s Snapdragon family of processors are susceptible to the threat, which would allow hackers to gain access to a device simply by connecting to the same Wi-Fi network.
Known together as “QualPwn”, the two flaws can be exploited “over the air”, meaning they only need to be close to the victim, meaning a hacker wouldn’t even need to be in the same room as the target to be able to access their device.
Over the air
The issues were found by Tencent Blade, the security arm of Chinese gaming giant Tencent, and were revealed at the Black Hat cybersecurity event in Las Vegas this week.
Both exploit flaws in how the Snapdragon hardware connects to Wi-Fi networks and stays secure when online, meaning that once connected, third-parties could send malicious data packets over the air and then run code that could allow them full control over a victim’s device.
Tencent Blade added that pretty much all devices powered by the Snapdragon 835 or 845 will be at risk, with the Google Pixel 2 and Pixel smartphones used to highlight the flaws in its report.
Qualcomm says it had released a patch addressing the flaw, and says it has made its licensees have been alerted to allow them to prepare fixes, with the company noting that its investigations found nearly all Snapdragon kit is affected.
QualPwn has now been patched by Google latest August 2019 Android security update, and users are being urged to update as soon as possible.