EXECUTIVE SUMMARY:

Your mobile phone might be at risk, again.

The Android Security Bulletin reports two critical vulnerabilities connected to Qualcomm chips, which have together been given the nickname QualPwn.

In taking advantage of these exploits, hackers can potentially initiate over-the-air attacks via Wireless Local Area Networks and cell modems. Are attacks over Wi-Fi networks about to explode across IOT devices? It remains to be seen.

With over-the-air attacks, “no user interaction is required.” For people to find themselves victims of cyber threats, it’s no longer necessary for people to click on malicious links, or to download corrupt files. Simply existing and owning a phone will cut the mustard.

Security researchers investigated the bugs within the Google Pixel2 and Pixel3 handsets, and initially thought that QualPwn remained limited in reach, affecting only two types of Snapdragon chips. However, a security advisory pertaining to the second bug has been issued in regards to 27+ different chipsets.

On the bright side, white hats have configured code to patch affected devices. “Android users with affected Qualcomm chipsets will need to look into installing the August 2019 Android OS security patch,” ZDNet reports.

As of the current writing, there have not been any incidents related to hackers meddling with this exploit.

As a long-time reader of CyberTalk.org, you know that the site closely monitors threats to mobile devices. You can be sure to see more coverage of this issue and others in future articles. Stay tuned.

Additional information concerning the QualPwn vulnerabilities is due to be released at the Black Hat USA 2019 security conference.