Technology

Qualcomm Chip Vulnerability Leaves Android Phones at Risk

1 1 minute read
Qualcomm Chip Vulnerability Leaves Android Phones at Risk
Qualcomm Chip Vulnerability Leaves Android Phones at Risk.jpg

A recently discovered security flaw in Qualcomm processors has raised concerns about the safety of numerous Android devices. Security experts are warning that attackers could potentially gain complete control of affected devices and access sensitive information.

The vulnerability, identified by Kaspersky ICS CERT, resides in the BootROM of specific Qualcomm chips. This firmware is hardcoded into the hardware and initiates before the operating system boots up, making the flaw extremely critical. The vulnerability is known as CVE-2026-25262, and Qualcomm was notified about it in March 2025, confirming the issue in April 2025.

The affected Qualcomm chips include MDM9x07, MDM9x45, MDM9x65, MSM8909, MSM8916, MSM8952, and SDX50. There may be other vulnerable chips as well.

The older chipsets affected by the vulnerability were released between 2014-2019 and are present in devices like the Samsung Galaxy S10 5G, LG V50 ThinQ 5G, OnePlus 7 Pro 5G, and Xiaomi Mi Mix 3 5G. Additionally, some older models such as Galaxy S7 and S8, Google Pixel 2/2XL, LG G5, HTC One A9, Motorola Moto G4/G4 Plus, and Honor 4A are also at risk. These devices are no longer receiving software updates, including security patches, making them permanently vulnerable.

The security flaw revolves around the Sahara protocol used during Emergency Download Mode (EDL) switch. Attackers with physical access can exploit this protocol to bypass security measures, like Secure Boot Chain, and embed malware deep within the system, potentially creating backdoors for unauthorized access.

In the event of a compromised device, attackers could gain access to stored files, contacts, passwords, location data, activate the camera and microphone, and take full control of the device. Restarting the device may not necessarily resolve the issue as the malware could be deeply embedded in the system.

To mitigate risks, users are advised to only visit reputable repair shops, avoid leaving devices unattended, monitor device access during transportation or handover, and if suspicious activities are detected, power off the device completely and fully discharge the battery.

It is essential to stay vigilant and take necessary precautions to protect your devices from potential security breaches. This article was originally published on PC-WELT and has been translated and adapted from German.

Tags
1 1 minute read

Related Articles

Samsung Galaxy Z Fold 7: I Finally Get The Folding Phone Hype

Samsung Galaxy Z Fold 7: I Finally Get The Folding Phone Hype

9 hours ago
CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

2 days ago
Samsung Galaxy S27: Release Date, Price & Specs Rumours

Samsung Galaxy S27: Release Date, Price & Specs Rumours

3 days ago
Oppo Pad mini: Hands-on Impressions

Oppo Pad mini: Hands-on Impressions

3 days ago
Back to top button