Tag: vulnerability

Summary created by Smart Answers AI In summary: Tech Advisor reports that Kaspersky discovered a critical hardware vulnerability (CVE-2026-25262) in older Qualcomm chipsets from 2014-2019, affecting devices like Samsung Galaxy S10 5G and Google Pixel 2. Attackers with physical access can exploit the Sahara protocol flaw to bypass security measures and embed malware deeply into affected Android devices. Users should upgrade to newer devices since these older chipsets no longer receive security updates, leaving millions of phones permanently vulnerable. A recent security vulnerability has been discovered in widely used Qualcomm processors, posing a risk to numerous Android devices. Security experts warn that attackers could potentially gain complete control of affected devices and access sensitive data. Vulnerability lies deep within the system According to an analysis by Kaspersky ICS CERT, the vulnerability resides in the BootROM of specific Qualcomm chips, which is firmware hardcoded into the hardware and runs before the operating system boots. This critical flaw, identified as CVE-2026-25262, was reported to Qualcomm in March 2025 and confirmed in April 2025. The affected Qualcomm chips include: MDM9x07 MDM9x45 MDM9x65 MSM8909 MSM8916 MSM8952 SDX50 Other chipsets may also be vulnerable. Affected devices (and possible good news) The vulnerable chipsets are primarily older models released between 2014-2019, commonly found in less expensive as well as flagship devices from previous years. Some affected devices include Samsung Galaxy S10 5G, LG V50 ThinQ 5G, OnePlus 7 Pro 5G, and Xiaomi Mi Mix 3 5G. Foundry Other affected devices include some Galaxy S7 and S8 models, Google Pixel 2/2XL, LG G5, HTC One A9, Motorola Moto G4/G4 Plus, and Honor 4A. These devices are considered outdated and no longer receive software updates, including security patches. It is advisable to discontinue using these devices and upgrade to newer models. Attacks possible even before booting The security flaw centers around the Sahara protocol, utilized during the transition to Emergency Download Mode (EDL) for maintenance purposes. In this mode, software can be transferred to the device before the operating system initializes. This vulnerability allows attackers with physical access to circumvent security mechanisms, such as Secure Boot Chain, enabling the deep embedding of malware within the system. For more technical insights, refer to Kaspersky's analysis of the vulnerability in Qualcomm chips. Access to data, camera, and microphone If a device is compromised, attackers could potentially: Access stored files and contacts Retrieve passwords and location data Activate the camera and microphone Assume full control of the device Security experts caution that such attacks not only impact individual users but also pose risks within the supply chain, such as during device transportation or repairs. Restarting is not a reliable solution A simple restart may not effectively resolve the issue as embedded malware could be deeply entrenched within the system, making detection and removal challenging. Compromised devices might simulate a restart, emphasizing the importance of completely cutting off power, like discharging the battery, for a secure reset. What you should bear in mind now Despite requiring physical access, the security risk should not be underestimated. Kaspersky recommends the following precautions: Choose reputable repair shops for device maintenance Avoid leaving smartphones or tablets unattended whenever feasible Monitor device access, especially during transit or handovers If suspicious activity is suspected, power off the device completely and drain the battery This article was originally published on our affiliate site PC-WELT and has been translated and adapted from German.

Tag: vulnerability

Qualcomm Chip Vulnerability Leaves Android Phones at Risk

Apple refused to pay bounty to Kaspersky for uncovering vulnerability in ‘Operation Triangulation’

Quick Links

Resources

Support