To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

Hackers could access your Android smartphone over Wi-Fi

Handsets running Qualcomm Snapdragon 835 or 845 chips could still be vulnerable

Nearly all Android smartphones are vulnerable to hacking by Wi-Fi, researchers revealed at a cybersecurity event in Las Vegas.

Tencent Blade, the security wing of Chinese tech firm Tencent, unveiled its findings to an audience at the Black Hat cybersecurity conference, revealing that devices powered by Qualcomm’s Snapdragon chipsets are at risk of being hacked via Wi-Fi.

READ NEXT: Best antivirus for Android: The best free and paid-for apps to keep you safe from viruses, phishing scams and dodgy apps

The flaw allows hackers, simply by dint of connecting to the same Wi-Fi network, to access and control users’ devices. Referred to as “QualPwn”, the series of flaws are allowed to thrive due to a defect in the way Snapdragon hardware connects to Wi-Fi networks and remains secure when online.

Once connected, third parties have the capacity to send malicious data over the air, with a view to eventually gaining remote control of the victim’s handset. Tencent Blade warned audiences that nearly all devices powered by Snapdragon 835 or 845 are at risk. In its security demo, it used the Google Pixel and Google Pixel 2 smartphones to draw attention to the defects but there are plenty of other potential victims. 

Other devices running the Snapdragon 835 chip include:

  • Samsung Galaxy S8/S8 Plus
  • Samsung Galaxy Note 8
  • Essential Phone
  • Xiaomi Mi 6
  • Sony Xperia XZ Premium
  • HTC U11/U11 Plus
  • OnePlus 5/5T
  • LG V30/V30 Plus
  • Sony Xperia XZ1/XZ1 Compact
  • Xiaomi Mi Mix 2
  • Razer Phone
  • Nokia 8/8 Sirocco

Devices running the Snapdragon 845 include:

  • Google Pixel 3/3 XL
  • Samsung Galaxy S9/S9 Plus
  • Samsung Galaxy Note 9
  • Sony Xperia XZ2/XZ2 Compact/XZ2 Premium
  • Xiaomi Mi 8
  • Xiaomi Mi Mix 2S/3
  • Razer Phone 2
  • Sony Xperia XZ3
  • Nokia 9 PureView
  • LG G7 ThinQ
  • OnePlus 6/6T
  • HTC U12 Plus
  • Pocophone F1

READ NEXT: Best antivirus software 2019: Keep your PC safe with our pick of the best free and paid-for antivirus programs

For its part, Qualcomm has acknowledged the flaw in its Security Bulletin, and addressed it via a software change, with licensees also being notified of the issue. The company is encouraging users to update their devices as patches become available from original equipment manufacturers (OEMs).

Qualcomm issued a special thanks in its Security Bulletin to Tencent Blade’s Xiling Gong for his work in unearthing the flaw, also citing an anonymous researcher who requested not to be named.

Tencent Blade is set to present its findings at the DEFCON 27 hacking conference in Paris, running from 8-10 August.

Read more