Android Phones Vulnerable to Security Threats Due to Qualcomm Chip Flaw

A recently uncovered security flaw in widely used Qualcomm processors poses a significant risk to numerous Android devices. Security experts caution that in a worst-case scenario, attackers could gain complete control of compromised devices and access sensitive information.

Vulnerability lies deep within the system

As per an analysis by Kaspersky ICS CERT, the vulnerability resides in the BootROM of specific Qualcomm chips. This firmware is hardcoded into the hardware and operates even before the operating system initializes, making the flaw exceptionally critical.

The vulnerability is identified by the CVE-2026-25262. Qualcomm was notified about this issue as early as March 2025 and confirmed it in April 2025, according to Kaspersky.

The Qualcomm chips impacted include:

• MDM9x07
• MDM9x45
• MDM9x65
• MSM8909
• MSM8916
• MSM8952
• SDX50

There may be other vulnerable chips as well.

Affected devices (and possible good news)

The positive aspect is that these are relatively dated chipsets released between 2014-2019, present in both budget-friendly and flagship devices from several years ago.

In the most recent models, these chipsets are found in Samsung Galaxy S10 5G, LG V50 ThinQ 5G, OnePlus 7 Pro 5G, and Xiaomi Mi Mix 3 5G.

Other affected devices include, but are not limited to, certain Galaxy S7 and S8 models, Google Pixel 2/2XL, LG G5, HTC One A9, Motorola Moto G4/G4 Plus, and Honor 4A.

These devices are considered ‘end of line’ and no longer receive software support, including security patches. Therefore, if you own one of these devices, it’s advisable to discontinue its use and upgrade to a current device.

Attacks possible even before booting

The investigation focuses on the Sahara protocol, utilized when devices transition to Emergency Download Mode (EDL) – a specialized maintenance mode. In this state, a computer can transfer software to the device even before the operating system initializes.

This is where the issue arises: attackers with physical access can circumvent security mechanisms, including the Secure Boot Chain, as per Kaspersky. This enables malware to be deeply embedded within the system, such as through backdoors.

For detailed technical information, Kaspersky’s analysis of the vulnerability in Qualcomm chips provides further insights.

Access to data, camera, and microphone

If a device is compromised, the potential consequences are extensive. Attackers could:

• Access stored files and contacts
• Retrieve passwords and location data
• Activate the camera and microphone
• Take full control of the device

Security researchers emphasize that such attacks don’t solely impact regular users. Devices could also be tampered with within the supply chain, like during transportation or repairs.

Restarting is not a reliable solution

Notably, a simple restart may not resolve the issue. According to Kaspersky, embedded malware can be so deeply ingrained within the system that detection and removal become challenging.

Additionally, compromised devices could simulate a restart. A complete reset is only secure if the power source is entirely cut off, such as by fully discharging the battery.

What you should bear in mind now

Even though an attack demands physical access, the risk should not be underestimated. Kaspersky recommends:

• Choosing reputable repair shops for device maintenance
• Avoiding leaving smartphones or tablets unattended whenever possible
• Monitoring device access, especially during transportation or handovers
• If suspicious, turning off the device completely and fully draining the battery