Date: 2019-08-06

Your phone is built from a myriad of assorted parts, and many of them are "smart" and have their own built-in processors and firmware. That means there are plenty of places for bugs or vulnerabilities to be found that would allow a bad actor to have access to things they shouldn't. The companies who make these parts are always trying to improve and harden things to prevent it, but it's impossible for them to find everything before a component leaves the lab and ends up on the assembly line.

Most exploits are patched before anyone knows they exist, but some make it through.

This makes finding these bugs and vulnerabilities an industry in its own right. At DEFCON 27 and Black Hat 2019, huge venues where exploits are made public and demonstrated (and, hopefully, patched), the Tencent Blade Team has announced a vulnerability in Qualcomm chips that would allow an attacker to gain access through the kernel and potentially get into your phone and cause harm. The good news is that it was responsibly announced, and Qualcomm worked with Google to fix the issue with the August 2019 Android Security Bulletin.

Here's everything you need to know about QualPwn.

What is QualPwn?

Besides being a funny name, QualPwn describes a vulnerability in Qualcomm chips that would allow an attacker to remotely compromise a phone via the WLAN (Wireless Local Area Network) and cell modem. The Qualcomm platform is protected by Secure Boot, but QualPwn defeats Secure Boot and gives an attacker access to the modem so that debugging tools can be loaded and the baseband can be controlled.

Once that happens, it's possible an attacker can exploit the kernel that Android runs on top of and gain elevated privileges, giving them access to your personal data.

We don't have all the details about how this would happen or how easy it would be, but those are coming during Tencent Blade's Black Hat 2019 and DEFCON 27 presentations.

What is a WLAN?

WLAN stands for Wireless Local Area Network, and it's a catch-all name for any group of devices, including mobile phones, that communicate with each other wirelessly. A WLAN can use Wi-Fi, cellular, broadband, Bluetooth or any other wireless type to communicate, and it's always been an attractive target for people looking for exploits.

Because so many different device types can be part of a WLAN, there are very specific standards about how a connection is created and maintained. Your phone, including components like Qualcomm's chips, needs to incorporate and follow these standards. As standards advance and new hardware is created, bugs and vulnerabilities in how connections are created can happen.

Has QualPwn been fixed?