Tencent Discovers Android “QualPwn” Vulnerabilities

Security researchers from Tencent’s Blade team discovered a series of Android vulnerabilities collectively known as QualPwn in February and March this year. The vulnerabilities lie in the WLAN and modem firmware of Qualcomm chipsets. Hundreds of millions of Android devices are at risk of complete takeover.

“One of the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air,” said the researchers in a blog post. “The other allows attackers to compromise the Android Kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android Kernel over-the-air in some circumstances.”

Once an Android device is compromised, the attackers can avoid detection and access the full system, including admin privileges, which lets them extract sensitive information and carry out other malicious actions.

The vulnerabilities in question are:

CVE-2019-10539 (Compromising WLAN)

CVE-2019-10540 (WLAN into Modem issue)

CVE-2019-10538 (Modem into Linux Kernel issue)

Qualcomm published an advisory for the following chipsets:

“IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SXR1130”

Qualcomm released patches in June and notified OEMs, including Google and Samsung, though the researchers have elected not to disclose full technical details until Android phones receive their patch updates. Google released the security patch yesterday in its Android Security Bulletin.