Nearly all Android mobile phones and other gadgets could be at risk of being hacked simply by connecting to a Wi-Fi network, new security research has warned.
Devices powered by Qualcomm's Snapdragon family of processors are susceptible to the threat, which would allow hackers to gain access to a device simply by connecting to the same Wi-Fi network.
Snapdragon processors can be found in most Android phones on the market today, meaning millions of devices may be potentially open to attack.
- Best Android antivirus apps of 2019
- Qualcomm readies for a 5G future
- Cisco fined for selling software with security flaws
Over the air
Known together as “QualPwn“, the two flaws can be exploited “over the air”, meaning they only need to be close to the victim, meaning a hacker wouldn't even need to be in the same room as the target to be able to access their device.
The issues were found by Tencent Blade, the security arm of Chinese gaming giant Tencent, and were revealed at the Black Hat cybersecurity event in Las Vegas this week.
Both exploit flaws in how the Snapdragon hardware connects to Wi-Fi networks and stays secure when online, meaning that once connected, third-parties could send malicious data packets over the air and then run code that could allow them full control over a victim's device.
Tencent Blade added that pretty much all devices powered by the Snapdragon 835 or 845 will be at risk, with the Google Pixel 2 and Pixel smartphones used to highlight the flaws in its report.
Qualcomm says it had released a patch addressing the flaw, and says it has made its licensees have been alerted to allow them to prepare fixes, with the company noting that its investigations found nearly all Snapdragon kit is affected.
QualPwn has now been patched by Google latest August 2019 Android security update, and users are being urged to update as soon as possible.
- Best antivirus software of 2019
Via The Register