Flaw discovered in mobile phones with Qualcomm’s processors

Posted date 20/02/2018

Some popular mobile devices (Nokia, Nexus, Xiaomi, and others) that use Qualcomm’s Snapdragon processors could be affected by a critical security vulnerability discovered by security researchers Roee Hay and Noam Hadad from Aleph Research.

The vulnerability found by these researchers exposes mobile devices to some known vulnerabilities, allowing an attacker with physical access to the device to boot it into EDL (Emergency Download Mode). The main problem is that a device in EDL mode could allow binary injection, letting attackers load a crafted binary that could give full access to the system.

The exploitation difficulty depends on the device and manufacturer; there are 3 different ways to gain access to EDL.