Tencent's security team has revealed a serious vulnerability in Qualcomm chipsets that has been identified as "critical". It touches a large number of devices as it has been unveiled in Snapdragon 835, 845 and others.
In addition, however, others are also affected manufacturer's chips of the 6th, 7th and 8th series, for example. Snapdragon 636, 665, 675, Snapdragon 712, 730 or Snapdragon 820. Vulnerability is indicated as QualPwn. The developer forum provided details XDA Developers.
How can cyber attackers exploit this vulnerability? They can be remotely take control of the entire device and without the user's knowledge e.g. install various content – malicious codes.
Success of the attack it is not conditioned by user interaction. In theory, attackers can download sensitive content, private information, or even track the location of the device from Android devices.
However, it should be noted that both the attacker and the target device must be on the same network. The attack cannot be carried out "just over the Internet". Therefore, users should avoid unsecured WiFi or public wireless networks.
Theoretically, you would have to connect to the same network as someone who has the necessary knowledge and skills to exploit the vulnerability. However, experts did not disclose vital details about QualPwn's vulnerability, or a possible demonstration of how the attack was going.
Potential attackers do not want to "smash" and device manufacturers need time to send updates. Qualcomm has allegedly already prepared the patch. The August security patch that Android smartphones receive on a regular basis will resolve the vulnerability issue.
Older devices are no longer at risk and may no longer receive security updates, or receive them at a greater interval than flagships with a regular monthly security update delivery interval.
Although a huge number of Android devices are potentially at risk, there is no need to panic. But install the update as soon as your smartphone or tablet reports it to you.