Cybersecurity researchers have discovered that hackers are able to target many leading Android mobile phones and other gadgets via Wi-Fi. They say that devices powered by Qualcomm’s Snapdragon processors are susceptible to the threat, which allows hackers to gain access to a device simply by connecting to the same Wi-Fi network.
Known together as “QualPwn”, both flaws can be exploited “over the air” meaning that the attackers only need to be close to the victim, not even in the same room, to access the device.
The issues were found by Tencent Blade, the security arm of Chinese gaming giant Tencent.
Both exploit flaws in how the Snapdragon hardware connects to Wi-Fi networks and stays secure when online, meaning that once connected, third-parties could send malicious data packets over the air and then run code that could allow them full control over a victim’s device.
Tencent Blade added that pretty much all devices powered by the Snapdragon 835 or 845 will be at risk, with the Google Pixel 2 and Pixel smartphones used to highlight the flaws in its report.
Qualcomm says it released a patch addressing the flaw, and that its licensees have been alerted to allow them to prepare fixes, with the company noting that it found that all Snapdragon kits have been affected.
QualPwn has now been patched by Google latest August 2019 Android security update, and users are being urged to update as soon as possible.