Android phones vulnerable to Qualcomm bugs

Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required.

Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is that both the attacker and targeted Android device must be active on the same shared Wi-Fi network.

“One of the vulnerabilities allows attackers to compromise the WLAN and modem, over-the-air. The other allows attackers to compromise the Android kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android kernel over-the-air in some circumstances,” wrote researchers.

All three vulnerabilities have been reported to Qualcomm and Google’s Android security team and patches are available for handsets. “We have not found this vulnerability to have a public full exploit code,” according to a brief public disclosure of the flaws by the Tencent Blade Team.

Researchers said their focus was on Google Pixel2 and Pixel3 handsets and that their tests indicated that unpatched phones running on Qualcomm Snapdragon 835 and Snapdragon 845 chips may be vulnerable.

A Qualcomm spokesperson told Threatpost in a statement: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”

The first critical bug (CVE-2019-10539) is identified by researchers as a “buffer copy without checking size of input in WLAN.” Qualcomm describes it as a “possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length.”
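The missing length check that Qualcomm's description refers to can be illustrated with a small parser. This is an added example, not Qualcomm's driver code and not taken from the researchers' disclosure. The ID/length/value element layout and element ID 127 for Extended Capabilities come from 802.11, while `struct peer_caps`, `EXT_CAP_MAX`, `parse_ext_cap` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EID_EXT_CAPABILITY 127 /* 802.11 Extended Capabilities element ID */
#define EXT_CAP_MAX 8          /* assumed size of the fixed destination */

struct peer_caps {             /* hypothetical destination structure */
    uint8_t ext_cap[EXT_CAP_MAX];
    size_t ext_cap_len;
};

/* Constructed sample element lists (ID, length, value...). */
static const uint8_t ok_ies[] = {0, 3, 'l', 'a', 'b', 127, 4, 1, 0, 8, 0};
static const uint8_t oversized_ies[] = {127, 12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
static const uint8_t truncated_ies[] = {127, 6, 1, 2};
static struct peer_caps demo_caps;

/* Returns 0 on success, -1 if the element is absent, -2 if malformed
 * or larger than the destination. */
int parse_ext_cap(const uint8_t *ies, size_t ies_len, struct peer_caps *out)
{
    size_t off = 0;
    while (ies_len - off >= 2) {
        uint8_t id = ies[off];
        size_t len = ies[off + 1];   /* length byte comes from the sender */
        off += 2;
        if (len > ies_len - off)     /* check 1: stay inside the frame */
            return -2;
        if (id == EID_EXT_CAPABILITY) {
            if (len > sizeof(out->ext_cap)) /* check 2: fit the destination */
                return -2;
            memcpy(out->ext_cap, ies + off, len);
            out->ext_cap_len = len;
            return 0;
        }
        off += len;
    }
    return off == ies_len ? -1 : -2; /* a stray trailing byte is malformed */
}

int main(void)
{
    printf("ok=%d oversized=%d truncated=%d\n",
           parse_ext_cap(ok_ies, sizeof ok_ies, &demo_caps),
           parse_ext_cap(oversized_ies, sizeof oversized_ies, &demo_caps),
           parse_ext_cap(truncated_ies, sizeof truncated_ies, &demo_caps));
    return 0;
}
```

Without check 2, the `memcpy` would trust the sender's length byte and write past `ext_cap`, which is the "buffer copy without checking size of input" pattern the advisory names.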

Hackers may soon be able to decode what you are typing on your device

Advances in smartphone technology may soon enable hackers to intercept what users type on their devices by analyzing the sound of taps on the keypad.

Researchers at Cambridge University and Sweden’s Linköping University were able to extract passwords by deciphering the sound waves generated by fingers tapping on smartphone touchscreens.

‘When a user enters text on the device’s touchscreen, the taps generate a sound wave. The device’s microphones can recover the tap and correlate it with the keystroke entered by a victim.’

According to the study, using a spying app, a malicious actor can decode what a person is typing. The study was first reported by the Wall Street Journal. “We showed that the attack can successfully recover PIN codes, individual letters, and whole words,” the researchers wrote.


‘The spying app may have been installed by the victim herself, or by someone else, or perhaps the attacker gave the device to the victim with the app pre-installed – there are several companies offering such services, such as mSpy. We also assume the app has microphone access. Many apps ask for this permission and most of us blindly accept the list of demanded permissions anyway.’

The researchers programmed a machine-learning algorithm that could detect and analyze the sound wave for specific keystrokes. On smartphones, the researchers were able to correctly replicate the passwords seven times out of 27, within 10 attempts. On tablets, they achieved better results, replicating the password 19 times out of 27 within 10 attempts.

“We found the device’s microphone(s) can recover this wave and ‘hear’ the finger’s touch, and the wave’s distortions are characteristic of the tap’s location on the screen,” the researchers wrote. “Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device.”