Critical Snapdragon Exploit Takes Over Devices in Just 5 Minutes – What You Need to Know

Cristian Penisoara
Cristian Penisoara
2 min read
snapdragon exploit
Trust this source on Google
Add trusted source

Kaspersky ICS CERT has publicly detailed a critical hardware vulnerability hitting a wide array of Qualcomm Snapdragon chipsets. The exploit, presented at Black Hat Asia 2026 on April 23 and tracked as CVE-2026-25262, has rattled the security community. First confirmed by Qualcomm in April 2025, full technical details are now available, exposing a backdoor capable of total device takeover and data destruction.

snapdragon exploit takes over device

The Sahara Protocol and BootROM Flaw

The issue lies deep in the BootROM, the silicon-hardcoded firmware that runs first when a device powers up. Because this code is etched into the hardware itself, standard OTA software updates can’t touch it, making patches nearly impossible.

Researchers uncovered a major weakness in Qualcomm‘s Sahara protocol handling. For those who work with device flashing, Sahara manages low-level communication in Emergency Download (EDL) mode to load critical software before the main OS starts.

With just a few minutes of physical access, attackers can exploit this to sidestep the entire secure boot chain. Once inside the application processor, they gain the ability to:

  • Install persistent backdoors that survive reboots.
  • Pull sensitive data like passwords, files, contacts, and real-time location.
  • Take over device sensors for covert camera and microphone access.

The malware even fakes a system reboot to throw off users. Clearing the infection often requires draining the battery completely to wipe volatile memory, and detection remains extremely challenging.

Affected Chipsets and Devices

While newer flagships like Snapdragon 8 Elite have stronger defenses, this flaw hits many older and mid-range chips still in widespread use.

Vulnerable Qualcomm Chipsets:

  • MSM8916 (Snapdragon 410) (Xiaomi REDMI 2)
  • SDX50 (Xiaomi Mi MIX 3 5G and Mi 9 Pro 5G)
  • MDM9x07
  • MDM9x45 (Xiaomi Mi 5, Mi 5s, Mi 5s Plus, Mi Note 2, Mi MIX)
  • MDM9x65
  • MSM8909
  • MSM8952

Real-World Impact

Physical access requirements limit mass remote attacks, but the risk to supply chains, repair shops, and targeted users remains severe. Compromised devices turn into perfect surveillance tools. With hardware deployed across consumer REDMI phones to industrial IoT systems, the potential fallout spans far beyond typical mobile threats.

Source: Kaspersky

Samsung Galaxy Watch 8

Samsung Galaxy Watch 8

4.9 / 5.0
Est. Price
$289.99$349.9917% OFF
Buy
Budget
Nothing Phone (4a) Pro

Nothing Phone (4a) Pro

4.5 / 5.0
Est. Price
$494.99$599.0017% OFF
Buy
DEAL!
Samsung Galaxy Watch Ultra (2025)

Samsung Galaxy Watch Ultra (2025)

5.0 / 5.0
Est. Price
$449.99$649.9931% OFF
Buy
💎Best Android Device
Samsung Galaxy S26 Ultra

Samsung Galaxy S26 Ultra

4.9 / 5.0
Est. Price
$1,212.85$1,499.9919% OFF
Buy
Google Pixel Watch 4

Google Pixel Watch 4

4.8 / 5.0
Est. Price
396.00$499.9921% OFF
Buy
* As an Amazon Associate, Droid Tools earns from qualifying purchases. Learn more in our Affiliate Disclosure.
Cristian Penisoara
Guides Writer · Android Power User
Cristian Penisoara is a Guides Writer and Android specialist at Droid Tools. An Android user since version 2 and a professional event photographer, he combines technical curiosity with a detail-oriented approach - every guide he publishes is tested step-by-step on a real device before it goes live.

Comments & Discussions

Join the conversation! We use Disqus to handle comments. Click the button below to load the comment section.

Keep Reading

Google is rolling out the stable Android 17 and Wear OS 7 updates for compatible Pixel phones and watches. Beyond the new features these releases bring, both updates come packed with bug fixes and general improvements aimed at smoothing out the overall experience. Many of the changes target long-standing annoyances, while several underlying improvements should […]

android 17
OSRobert HabaJuly 17, 2026

Android 17 has just arrived on Google Pixel phones, and it’s set to reach Xiaomi devices soon as well. For Xiaomi users, though, this upgrade carries considerably more weight than usual — the upcoming HyperOS 4 skin is reportedly bringing a substantial software and architectural overhaul rather than the typical incremental yearly refresh. Beyond the […]

hyperos 4
OSCristian PenisoaraJuly 14, 2026

Honor introduced a new term to the industry, “Agentic OS,” on the opening day of MWC26 in Shanghai, outlining several defining characteristics of this operating system concept along with features that will arrive for users through the upcoming MagicOS 11 update. The reveal took place during the MWC 26 first-day event on June 24, where […]

AgenticOS
OSLuiza MosneaguJuly 1, 2026

When it comes to sheer feature breadth, Android generally has the upper hand. Split-screen multitasking, desktop PC mode via an external monitor, the ability to swap out the default launcher — these are things iPhones simply can’t do. Customization and openness have always been Android’s calling card. Even so, Apple has quietly built a set […]

6 Apple Features Android Still Hasn’t Matched – And Needs To
OSRobert HabaJune 22, 2026