Various vulnerabilities in smartphone chips from manufacturer Qualcomm make it possible to take over Android phones remotely.
Qualcomm Snapdragon chipsets vulnerable to WiFi attack
Qualcomm chipsets can be found in many Android phones. Google, Samsung, LG, Xiaomi and OnePlus, among others, use these chipsets for their phones. Security company Check Point Software Technologies has now discovered a total of three vulnerabilities in two chipsets, the Qualcomm Snapdragon 835 and 845.
More Snapdragon chipsets may be vulnerable. One of these vulnerabilities allows criminals to penetrate the modem via the WiFi chip. It is possible to access the Android kernel through another leak. By combining both vulnerabilities, remote attackers can completely take over the phone.
They can then eavesdrop on an affected phone, take photos and videos with it, and spy on people via the microphone and camera. Check Point has reported the vulnerabilities to Google and Qualcomm. Google addressed the leaks through the August security update.
The company labeled two of the three vulnerabilities in the Wi-Fi firmware Critical and the third High. It is unclear whether the leak was exploited by criminals.
Smartphone manufacturers notified
Google notified other smartphone manufacturers about the now fixed vulnerabilities at least a month ago so they have had time to develop updates. Unfortunately, that does not mean that other Android phones have already received the August security update.
Some phones only receive an update every quarter. Manufacturers often make a distinction between budget phones, mid-range devices and high-end phones. It may be that a manufacturer now chooses to release an interim update for these phones.