ANDROID users have been warned of a critical security flaw that could allow a device to be hacked over Wi-Fi, according to a new report. Thankfully, it appears the issue can be remedied by downloading a critical Google update.
Android is Google’s mobile operating system that is used by over 2.5 billion devices across the globe.
Many devices running the software harness Snapdragon processors manufactured by Qualcomm – many flagship handsets released last year were powered by the Snapdragon 845 for instance.
However, some of these processors have been discovered to contain a number of vulnerabilities, which are referred to together as QualPwn, according to new findings.
Tencent Blade, a security branch of Tencent, a Chinese firm best known for its gaming ventures, discovered the flaw.
Essentially, QualPwn was noted to be capable of allowing an attacker to hack a targeted device “over the air” using a Wi-Fi signal in some circumstances.
Tencent Blade said it tested the exploit on the Google Pixel 2 and Pixel 3 – the outlet declared its results suggested “unpatched phones running on Qualcomm Snapdragon 835 and 845 may be vulnerable”.
Qualcomm’s Snapdragon 845 processor powers a number of 2018 Android flagships such as the OnePlus 6T, US versions of the Samsung Galaxy S9, Note 9 and more.
Similarly, the manufacturer’s 835 silicon was housed under the hood of a number of 2017 Android devices.
Fortunately, Tencent Blade said it had not found public exploit code for vulnerability, meaning it is unlikely the security flaw has been taken advantage of in the wild.
The security arm said it reported the details of its findings to both Google and Qualcomm.
The latter then released a new security bulletin that discussed the matter and emphasised OEMs should introduce new patches into any devices running its hardware.
Qualcomm’s statement on the security issue read: “Providing technologies that support robust security and privacy is a priority for Qualcomm.
“We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program.
“Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”
Google has patched QualPwn in its newest Android August 2019 security patch that is already available for its Pixel series of devices.
However, a number of other high profile manufacturers are yet to release the August 2019 security patch for their hardware.
Android users with devices harnessing the claimed affected chips are advised to download the new update as soon as they can.