Qualcomm Chip Vulnerability Leaves Android Phones at Risk

A newly found safety flaw in extensively used Qualcomm processors might put quite a few Android units in danger. Safety researchers warn that, within the worst-case state of affairs, attackers might take full management of affected units and entry delicate knowledge.

Vulnerability lies deep inside the system

In accordance with an evaluation by Kaspersky ICS CERT, the vulnerability is situated within the so-called BootROM of sure Qualcomm chips.

This firmware is hard-coded into the {hardware} and is already operating earlier than the working system begins. That is exactly what makes the flaw notably important.

The vulnerability is registered underneath the identifier CVE-2026-25262. In accordance with Kaspersky, Qualcomm was knowledgeable as early as March 2025 and confirmed the difficulty in April 2025.

The Qualcomm chips affected are:

• MDM9x07
• MDM9x45
• MDM9x65
• MSM8909
• MSM8916
• MSM8952
• SDX50

Different chips may additionally be weak.

Affected units (and doable excellent news)

The excellent news is that these are pretty outdated chipsets launched between 2014-2019, present in cheaper units in addition to flagship telephones from a few years in the past.

They seem like discovered, in the latest fashions, contained in the Samsung Galaxy S10 5G (beneath), LG V50 ThinQ 5G, OnePlus 7 Professional 5G, and the Xiaomi Mi Combine 3 5G.

Foundry

Different units embody, however will not be restricted to, some Galaxy S7 and S8 fashions, the Google Pixel 2/2XL, LG G5, HTC One A9, Motorola Moto G4/G4 Plus and Honor 4A.

These are all thought of ‘finish of line’ and now not obtain software program help, together with safety patches. So, for those who do nonetheless have one, it’s best to cease utilizing it and improve to one thing present anyway.

Assaults doable even earlier than booting

The investigation focuses on the so-called Sahara protocol. It’s used when units swap to Emergency Obtain Mode (EDL) – a particular upkeep mode. On this state, a pc can switch software program to the machine even earlier than the working system begins.

That is exactly the place the issue lies: in response to Kaspersky, attackers with bodily entry can bypass safety mechanisms, together with the so-called Safe Boot Chain. This permits malware to be embedded deep inside the system, for instance, within the type of backdoors.

Kaspersky supplies additional technical particulars in its evaluation of the vulnerability in Qualcomm chips.

Entry to knowledge, digicam and microphone

If a tool is compromised, the probabilities are far-reaching. Attackers might do the next:

• Entry saved recordsdata and contacts
• Learn passwords and placement knowledge
• Activate the digicam and microphone
• Take full management of the machine

Safety researchers level out that such assaults don’t solely have an effect on abnormal customers. Gadgets is also tampered with inside the provide chain – for instance, throughout transport or repairs.

Restarting just isn’t a dependable resolution

Significantly insidious: a easy restart doesn’t essentially remedy the issue. In accordance with Kaspersky, put in malware could be embedded so deeply inside the system that it’s tough to detect or take away.

Moreover, compromised units might merely feign a restart. A reset is just really safe if the facility provide is totally minimize off – for instance, by absolutely discharging the battery.

What it’s best to keep in mind now

Even when an assault requires bodily entry, you shouldn’t underestimate the danger. Kaspersky recommends, amongst different issues:

• Solely take your machine to respected restore retailers.
• The place doable, don’t go away your smartphone or pill unattended.
• Monitor entry to your units, notably when transporting or handing them over.
• When you suspect something: swap off the machine fully and absolutely discharge the battery.