QualPwn exploit: All you need to know

To most of us, the security of our devices and data is of paramount importance. We all take measures to ensure our devices aren’t prone to malicious attacks, but in some unfortunate cases, there’s not much we can do.

The largest mobile SoC manufacturer in the world, Qualcomm, takes great pride in delivering air-tight, secure modules. But surprisingly, select Qualcomm chipsets were recently exposed to a series of vulnerabilities named QualPwn. Researchers at the Tencent Blade Team tested them out and reported them back to Google and Qualcomm for immediate patching.

If you aren’t aware of QualPwn and the impact of the reported vulnerabilities, go through the sections below to get up to speed. So, without further ado, let’s dig in.

What is QualPwn?

QualPwn is a series of vulnerabilities in Qualcomm mobile chipsets discovered by one of China’s biggest tech firms, Tencent Blade. The series of vulnerabilities allows a perpetrator to attack your WLAN and Modem over-the-air, which can then lead to full-blown kernel exploitation. In theory, QualPwn lets an attacker gain full root access on your device, without you having a whiff of the ongoing assault.

Affected Chipsets 

The Tencent Blade team initially tested on Google Pixel 2 and Pixel 3, which led to the conclusion that devices running on Qualcomm Snapdragon 835 or Snapdragon 845 might be vulnerable.

As a responsible tech firm, Tencent Blade took its findings to Qualcomm, and the latter worked relentlessly to patch the potentially vulnerable chipsets. After successfully working out the vulnerabilities, Qualcomm released the list of chipsets that were patched.

List of Affected Chipsets

These are the processors that are affected by the QualPwn exploit. If you have a device powered by any of these processors, your device is vulnerable.

  • Snapdragon 636
  • Snapdragon 665
  • Snapdragon 675
  • Snapdragon 712 / Snapdragon 710 / Snapdragon 670
  • Snapdragon 730
  • Snapdragon 820
  • Snapdragon 835
  • Snapdragon 845 / SD 850
  • Snapdragon 855
  • Snapdragon 8CX
  • Snapdragon 660 Development Kit
  • Snapdragon 630
  • Snapdragon 660
  • Snapdragon 820 Automotive
  • IPQ8074
  • QCA6174A
  • QCA6574AU
  • QCA8081
  • QCA9377
  • QCA9379
  • QCS404
  • QCS405
  • QCS605
  • SXR1130

Is your device Affected?

Theoretically, if your device is powered by any of the processors listed above and doesn’t have the August or latest security patch yet, it runs the risk of being exploited through QualPwn.
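The condition above (listed chipset plus a patch level older than the fix) can be checked across a device inventory. This is an added example, not code from the article, Tencent or Qualcomm; the inventory, the names `chip_id`, `patch_level` and `triage`, and the `FIXED_LEVEL` date are assumptions, since the article says only "August".

```python
import re
from datetime import date

# Model tokens from the article's list ("Development Kit" and "Automotive"
# variants reduce to the same token as the base chip).
AFFECTED = set(
    "636 665 675 712 710 670 730 820 835 845 850 855 8CX 630 660 "
    "IPQ8074 QCA6174A QCA6574AU QCA8081 QCA9377 QCA9379 "
    "QCS404 QCS405 QCS605 SXR1130".split()
)
# Assumption: the article says only "August"; the year and day are not on the
# page. Replace with the patch level your OEM's bulletin names for the fix.
FIXED_LEVEL = date(2019, 8, 5)

def chip_id(name):
    """Reduce 'Snapdragon 845', 'SD 850' or 'QCA9377' to a bare model token."""
    m = re.search(r"(?:SNAPDRAGON|SD)\s*(\w+)|\b((?:IPQ|QCA|QCS|SXR)\w+)",
                  name.upper())
    return (m.group(1) or m.group(2)) if m else None

def patch_level(getprop_dump):
    """Read the Android security patch level from `getprop` output."""
    m = re.search(
        r"^\[ro\.build\.version\.security_patch\]: \[(\d{4})-(\d{2})-(\d{2})\]",
        getprop_dump, re.M)
    return date(*map(int, m.groups())) if m else None

def triage(chipset, getprop_dump, fixed=FIXED_LEVEL):
    if chip_id(chipset) not in AFFECTED:
        return "not-listed"
    level = patch_level(getprop_dump)
    if level is None:
        return "unknown"  # no readable patch level: handle as exposed
    return "patched" if level >= fixed else "exposed"

# Constructed inventory: (device, chipset, excerpt of `adb shell getprop`).
FLEET = [
    ("phone-a", "Snapdragon 835", "[ro.build.version.security_patch]: [2019-07-05]\n"),
    ("phone-b", "SD 850", "[ro.build.version.security_patch]: [2019-08-05]\n"),
    ("phone-c", "Snapdragon 820 Automotive", "[ro.product.model]: [demo]\n"),
    ("phone-d", "Exynos 9820", "[ro.build.version.security_patch]: [2019-06-01]\n"),
]

if __name__ == "__main__":
    for device, chipset, dump in FLEET:
        print(device, chipset, triage(chipset, dump))
```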

How to be safe from QualPwn exploit?

After getting the report from Tencent Blade, Qualcomm immediately started working on the potentially vulnerable chipsets. It took them a good couple of months, but the fixes have been made available through the latest security update across OEMs.

When Chinese OEMs, OnePlus and Xiaomi, released their security updates ahead of time, many enthusiasts predicted the companies were trying to patch up a major vulnerability. Eventually, Qualcomm addressed the issue through a well-worked press release, revealing they had supplied various OEMs with the patches, which should take care of the problem for good.

“Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”

So, make sure to update your device as soon as an OTA becomes available.

Now, if your smartphone’s OEM/carrier isn’t pushing out regular security updates, it’s almost impossible to make it bulletproof. But there are still a few measures you could take to ensure maximum security.

As QualPwn attackers can only exploit through WLAN, the attack can’t be directed over-the-air, not in its truest sense, at least. To successfully exploit your device, the perpetrator needs to be on the same WiFi network and have comprehensive knowledge of the exploit.

Also, only Tencent Blade knows about the exploit and how to abuse it. Thankfully, the firm hasn’t released any public information about the same, and as a result, the vulnerability hasn’t been exploited in the wild, so far.

To top it off, Tencent Blade has revealed they will not disclose the gory details until Qualcomm and OEMs deliver the fixes to most smartphones.

Can an Anti-Virus Fix it?

As it’s a deep-rooted vulnerability, it’s impossible to fix it through 3rd-party anti-virus software. So, except for installing the latest security patch, there’s not much you can do. If you’re not content with your options, you could maybe buy an Exynos-powered smartphone.

We have seen many Linux-based exploits over the years. Hackers have abused those vulnerabilities relentlessly, accessing sensitive data. This one, however, looks worse than it actually is.

Yes, it can potentially give an attacker full access to your kernel and all your data. But the thing to remember here is that there are a lot of variables, which need to line up perfectly for the attacker to even have a chance.

Qualcomm and other chipset manufacturers must take this slip-up as a lesson, learn from it, and make sure users are not held accountable for their shortcomings.


Source: Tencent | XDA
