Critical Snapdragon Exploit Takes Over Devices in Just 5 Minutes – What You Need to Know
Kaspersky ICS CERT has publicly detailed a critical hardware vulnerability hitting a wide array of Qualcomm Snapdragon chipsets. The exploit, presented at Black Hat Asia 2026 on April 23 and tracked as CVE-2026-25262, has rattled the security community. First confirmed by Qualcomm in April 2025, full technical details are now available, exposing a backdoor capable of total device takeover and data destruction.
The Sahara Protocol and BootROM Flaw
The issue lies deep in the BootROM, the silicon-hardcoded firmware that runs first when a device powers up. Because this code is etched into the hardware itself, standard OTA software updates can’t touch it, making patches nearly impossible.
Researchers uncovered a major weakness in Qualcomm‘s Sahara protocol handling. For those who work with device flashing, Sahara manages low-level communication in Emergency Download (EDL) mode to load critical software before the main OS starts.
With just a few minutes of physical access, attackers can exploit this to sidestep the entire secure boot chain. Once inside the application processor, they gain the ability to:
- Install persistent backdoors that survive reboots.
- Pull sensitive data like passwords, files, contacts, and real-time location.
- Take over device sensors for covert camera and microphone access.
The malware even fakes a system reboot to throw off users. Clearing the infection often requires draining the battery completely to wipe volatile memory, and detection remains extremely challenging.
Affected Chipsets and Devices
While newer flagships like Snapdragon 8 Elite have stronger defenses, this flaw hits many older and mid-range chips still in widespread use.
Vulnerable Qualcomm Chipsets:
- MSM8916 (Snapdragon 410) (Xiaomi REDMI 2)
- SDX50 (Xiaomi Mi MIX 3 5G and Mi 9 Pro 5G)
- MDM9x07
- MDM9x45 (Xiaomi Mi 5, Mi 5s, Mi 5s Plus, Mi Note 2, Mi MIX)
- MDM9x65
- MSM8909
- MSM8952
Real-World Impact
Physical access requirements limit mass remote attacks, but the risk to supply chains, repair shops, and targeted users remains severe. Compromised devices turn into perfect surveillance tools. With hardware deployed across consumer REDMI phones to industrial IoT systems, the potential fallout spans far beyond typical mobile threats.
Source: Kaspersky
Google Pixel 9
Google Pixel Watch 4
Comments & Discussions
Join the conversation! We use Disqus to handle comments. Click the button below to load the comment section.
Keep Reading
When it comes to sheer feature breadth, Android generally has the upper hand. Split-screen multitasking, desktop PC mode via an external monitor, the ability to swap out the default launcher — these are things iPhones simply can’t do. Customization and openness have always been Android’s calling card. Even so, Apple has quietly built a set […]
Honor is deep in development on MagicOS 11, and fresh details suggest the company is going all-in on a visual overhaul — one that will bring a Liquid Glass-inspired interface to its devices. Following iOS 26 and HarmonyOS 7, Honor appears ready to join the glass UI wave with its own take on the aesthetic. […]
A few hours before Huawei officially unveiled HarmonyOS 7.0 at HDC 2026, the company quietly dropped OpenHarmony 7.0 Beta 1 — a pre-release build that had first surfaced three weeks earlier and has now been formally released as a public testing framework for device makers and developers. OpenHarmony serves as the open-source foundation that device […]
Samsung has extended the June 2026 Android security update beyond the Galaxy S26 lineup, with the patch now rolling out to the Galaxy S25 series, Galaxy S25 Edge, and Galaxy Z Fold 7. The update weighs in at around 900MB and delivers 45 security fixes in total, with the rollout beginning in South Korea before […]
Huawei took the wraps off HarmonyOS 7 at its Huawei Developer Conference (HDC) on June 12, 2026. The new OS update spans smartphones, tablets, PCs, wearables, and IoT devices, with Yu Chengdong – Huawei’s Executive Director, Chairman of the Product Investment Review Committee, and Chairman of the Consumer Business Group – officially announcing the update […]
Screen Reactions, teased at the Android Show just a few weeks ago, are now live in Android 17 QPR1 Beta 4 for eligible Pixel phones. With this latest Android 17 preview build, there’s now a clearer picture of how the green screen-like effect actually works. It’s built directly into the system screen recorder — no […]
