Qualcomm Chip Vulnerability Leaves Android Phones at Risk

A newly discovered security flaw in widely used Qualcomm processors could put numerous Android devices at risk. Security researchers warn that, in the worst-case scenario, attackers could take complete control of affected devices and access sensitive data.

Vulnerability lies deep within the system

According to an analysis by Kaspersky ICS CERT, the vulnerability is located in the so-called BootROM of certain Qualcomm chips.

This firmware is hard-coded into the hardware and is already running before the operating system starts. This is precisely what makes the flaw particularly critical.

The vulnerability is registered under the identifier CVE-2026-25262. According to Kaspersky, Qualcomm was informed as early as March 2025 and confirmed the issue in April 2025.

The Qualcomm chips affected are:

• MDM9x07
• MDM9x45
• MDM9x65
• MSM8909
• MSM8916
• MSM8952
• SDX50

Other chips may also be vulnerable.

Affected devices (and possible good news)

The good news is that these are fairly old chipsets released between 2014-2019, found in cheaper devices as well as flagship phones from many years ago.

They appear to be found, in the most recent models, inside the Samsung Galaxy S10 5G (below), LG V50 ThinQ 5G, OnePlus 7 Pro 5G, and the Xiaomi Mi Mix 3 5G.

Foundry

Other devices include, but are not limited to, some Galaxy S7 and S8 models, the Google Pixel 2/2XL, LG G5, HTC One A9, Motorola Moto G4/G4 Plus and Honor 4A.

These are all considered ‘end of line’ and no longer receive software support, including security patches. So, if you do still have one, you should stop using it and upgrade to something current anyway.

Attacks possible even before booting

The investigation focuses on the so-called Sahara protocol. It is used when devices switch to Emergency Download Mode (EDL) – a special maintenance mode. In this state, a computer can transfer software to the device even before the operating system starts.

This is precisely where the problem lies: according to Kaspersky, attackers with physical access can bypass security mechanisms, including the so-called Secure Boot Chain. This allows malware to be embedded deep within the system, for example, in the form of backdoors.

Kaspersky provides further technical details in its analysis of the vulnerability in Qualcomm chips.

Access to data, camera and microphone

If a device is compromised, the possibilities are far-reaching. Attackers could do the following:

• Access stored files and contacts
• Read passwords and location data
• Activate the camera and microphone
• Take complete control of the device

Security researchers point out that such attacks don’t only affect ordinary users. Devices could also be tampered with within the supply chain – for example, during transport or repairs.

Restarting is not a reliable solution

Particularly insidious: a simple restart does not necessarily solve the problem. According to Kaspersky, installed malware can be embedded so deeply within the system that it is difficult to detect or remove.

Furthermore, compromised devices could simply feign a restart. A reset is only truly secure if the power supply is completely cut off – for example, by fully discharging the battery.

What you should bear in mind now

Even if an attack requires physical access, you should not underestimate the risk. Kaspersky recommends, among other things:

• Only take your device to reputable repair shops.
• Where possible, do not leave your smartphone or tablet unattended.
• Monitor access to your devices, particularly when transporting or handing them over.
• If you suspect anything: switch off the device completely and fully discharge the battery.