QualPwn exploit: All you need to know

To most of us, the security of our devices and data is of paramount importance. We all take measures to ensure our devices aren’t prone to malicious attacks, but in some unfortunate cases, there’s not much we can do.

The largest mobile SoC manufacturer in the world, Qualcomm, takes great pride in delivering air-tight, secure modules. But surprisingly, select Qualcomm chipsets were recently exposed to a series of vulnerabilities named QualPwn. Researchers at the Tencent Blade Team tested them out and reported them back to Google and Qualcomm for immediate patching.

If you aren’t aware of QualPwn and the impact of the reported vulnerabilities, go through the sections below to get up to speed. So, without further ado, let’s dig in.

What is QualPwn?

QualPwn is a series of vulnerabilities in Qualcomm mobile chipsets discovered by one of China’s biggest tech firms, Tencent Blade. The series of vulnerabilities allows a perpetrator to attack your WLAN and modem over the air, which can then lead to full-blown kernel exploitation. In theory, QualPwn lets an attacker gain full root access on your device without you getting a whiff of the ongoing assault.

Affected Chipsets

The Tencent Blade team initially tested on Google Pixel 2 and Pixel 3, which led to the conclusion that devices running on Qualcomm Snapdragon 835 or Snapdragon 845 might be vulnerable.

As a responsible tech firm, Tencent Blade took its findings to Qualcomm, and the latter worked relentlessly to patch the potentially vulnerable chipsets. After addressing the vulnerabilities, Qualcomm released the list of chipsets that were patched.

List of Affected Chipsets

These are the processors that are affected by the QualPwn exploit. If you have a device powered by any of these processors, your device is vulnerable until it receives the patch.

  • Snapdragon 636
  • Snapdragon 665
  • Snapdragon 675
  • Snapdragon 712 / Snapdragon 710 / Snapdragon 670
  • Snapdragon 730
  • Snapdragon 820
  • Snapdragon 835
  • Snapdragon 845 / Snapdragon 850
  • Snapdragon 855
  • Snapdragon 8cx
  • Snapdragon 660 Development Kit
  • Snapdragon 630
  • Snapdragon 660
  • Snapdragon 820 Automotive
  • IPQ8074
  • QCA6174A
  • QCA6574AU
  • QCA8081
  • QCA9377
  • QCA9379
  • QCS404
  • QCS405
  • QCS605
  • SXR1130

Is Your Device Affected?

Theoretically, if your device is powered by any of the processors listed above and doesn’t yet have the August security patch (or a later one), it runs the risk of being exploited through QualPwn.
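A quick way to check those two conditions on a device you administer, as an added example that is not from the article: it reads the security patch level and the board platform from Android build properties. The codename-to-marketing-name mapping and the 2019-08-05 threshold (the August 2019 patch level) are this example’s own assumptions, not something the article states.

```shell
# Added example, not from the article: classify a device's QualPwn exposure
# from two Android build properties. The codename mapping below and the
# 2019-08-05 patch level (August 2019 bulletin) are this example's assumptions.
FIXED_PATCH=20190805

# Map ro.board.platform codenames to the marketing names in the article's list.
# Assumed mapping; it covers only a subset of the listed chipsets.
platform_to_soc() {
    case "$1" in
        msm8996) echo "Snapdragon 820" ;;
        msm8998) echo "Snapdragon 835" ;;
        sdm845)  echo "Snapdragon 845" ;;
        sm8150)  echo "Snapdragon 855" ;;
        sdm660)  echo "Snapdragon 660" ;;
        sdm636)  echo "Snapdragon 636" ;;
        sdm710)  echo "Snapdragon 710" ;;
        sdm670)  echo "Snapdragon 670" ;;
        *)       echo "" ;;
    esac
}

# qualpwn_status PATCH_LEVEL PLATFORM
#   PATCH_LEVEL is ro.build.version.security_patch (YYYY-MM-DD).
#   Prints NOT_LISTED, PATCHED or AT_RISK and always exits 0.
qualpwn_status() {
    soc=$(platform_to_soc "$2")
    if [ -z "$soc" ]; then
        echo "NOT_LISTED"
        return 0
    fi
    # YYYY-MM-DD orders correctly as an integer once the dashes are removed.
    level=$(echo "$1" | sed 's/-//g')
    case "$level" in
        *[!0-9]*|"") echo "AT_RISK"; return 0 ;;   # unparseable: treat as unpatched
    esac
    if [ "$level" -ge "$FIXED_PATCH" ]; then
        echo "PATCHED"
    else
        echo "AT_RISK"
    fi
}

# In an adb shell, read the live properties; elsewhere, run a constructed sample.
if command -v getprop >/dev/null 2>&1; then
    qualpwn_status "$(getprop ro.build.version.security_patch)" "$(getprop ro.board.platform)"
else
    qualpwn_status 2019-07-05 sdm845    # constructed sample, prints AT_RISK
fi
```

A NOT_LISTED result only means the codename is outside the example’s mapping, so compare the platform against the full list above by hand.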

How to Stay Safe from the QualPwn Exploit

After getting the report from Tencent Blade, Qualcomm immediately started working on the potentially vulnerable chipsets. It took them a good couple of months, but the fixes have been made available through the latest security update across OEMs.

When Chinese OEMs, OnePlus and Xiaomi, released their security updates ahead of time, many enthusiasts predicted the companies were trying to patch up a major vulnerability. Eventually, Qualcomm addressed the issue through a well-worked press release, revealing they had supplied various OEMs with the patches, which should take care of the problem for good.

Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.

So, make sure to update your device as soon as an OTA becomes available.

Now, if your smartphone’s OEM/carrier isn’t pushing out regular security updates, it’s almost impossible to make it bulletproof. But there are still a few measures you could take to ensure maximum security.

Since QualPwn can only be exploited through WLAN, the attack isn’t truly “over the air” in the fullest sense. To successfully exploit your device, the perpetrator needs to be on the same Wi-Fi network and have comprehensive knowledge of the exploit.

Also, only Tencent Blade knows about the exploit and how to abuse it. Thankfully, the firm hasn’t released any public details, and as a result the vulnerability hasn’t been exploited in the wild so far.

To top it off, Tencent Blade has revealed they will not disclose the gory details until Qualcomm and OEMs deliver the fixes to most smartphones.

Can an Anti-Virus Fix It?

As it’s a deep-rooted vulnerability, it’s impossible to fix through third-party anti-virus software. So, apart from installing the latest security patch, there’s not much you can do. If you’re not content with your options, you could maybe buy an Exynos-powered smartphone.

We have seen many Linux-based exploits over the years. Hackers have abused those vulnerabilities relentlessly, accessing sensitive data. This one, however, looks worse than it actually is.

Yes, it can potentially give an attacker full access to your kernel and all your data. But the thing to remember here is that there are a lot of variables, which need to line up perfectly for the attacker to even have a chance.

Qualcomm and other chipset manufacturers must take this slip-up as a lesson, learn from it, and make sure users are not held accountable for their shortcomings.

Source: Tencent | XDA

Posted by
Sushan

A mediocre engineer hoping to do something extraordinary with his pen (well, keyboard). Loves Pink Floyd, lives football, and is always up for a cup of Americano.

3 Comments

  1. I have the kernel debug message on an old Lenovo and since July I’ve had every single device on my wifi network including my PCs, iOS devices, mom’s laptop, SafeLink (Government benefit for economically desperate, yet…) Had sent me an LG phone which was utterly under fontserver.apks control, which would list all the WLAN package receivers set up wizards lenovo IDs, network interruption, Google firebase index and licenses running a custom Linux distro out of the box basically and my friend had to get a new phone because he was next to me while I set the phone up. Just left cricket bc I had to try again and my brand new moto g 2021 has system dated from 1969 and sticks to November 25 2021 system time, plus safeñonl sent a nice TCL phone never activated but 3 gigs of wifi data used nevermind I just looked after a couple weeks, never got past setting it up. Factory reset doesn’t stop it, I have tons of evidence this one is easy to document so if no one else has seen it in the wild by all means show me how and I’ll show u mine. God sakes I’ve been shut out of the fu*** economy for months. My Lenovo tablet says kernel in debug return to vendor
    It was a Metro freebie, what are they going to do about it? Moto says custom build, just a second… RZBS31.Q2-143-27-4 updated in December from RZBS31.Q2-143-27-1. At least I got the appearance of a sec patch, whereas the LG never once connected to the server the patches supposedly reside in. Idk, but custom Android builds aren’t generally stock, are they?

    1. The LG phone is running Build info: ocean_t-user 10 QCOS30.85-18-10 0cd52 release-keys
      Serial number: ZY326KXS9R
      Description: There is an invisible selection among The folders available to choose from for uploading to my personal OneDrive I took a screenshot and I know got the institutional account associated my personal one is compromised

Comments are closed.