A critical hardware vulnerability has been discovered in older Qualcomm chipsets from 2014 to 2019, posing a serious threat to Android devices. Kaspersky found the flaw (CVE-2026-25262), which affects phones like the Samsung Galaxy S10 5G and Google Pixel 2. Attackers with physical access can exploit the Sahara protocol flaw to bypass security measures and embed malware deeply into affected devices. Because these older chipsets no longer receive security updates, users are advised to upgrade to newer devices to avoid being permanently vulnerable.
The vulnerability is deeply rooted within the BootROM of certain Qualcomm chips, making it a significant concern. Qualcomm was made aware of the issue in March 2025 and confirmed it in April 2025. The affected chipsets include MDM9x07, MDM9x45, MDM9x65, MSM8909, MSM8916, MSM8952, and SDX50, with the possibility of other chips also being vulnerable.
While the affected devices are mostly older models released between 2014 and 2019, the chipsets can still be found in some more recent phones such as the Samsung Galaxy S10 5G, LG V50 ThinQ 5G, OnePlus 7 Pro 5G, and Xiaomi Mi Mix 3 5G. Additionally, models like the Galaxy S7 and S8, Google Pixel 2/2XL, LG G5, HTC One A9, Motorola Moto G4/G4 Plus, and Honor 4A are also at risk. These devices no longer receive software support, making them susceptible to security breaches.
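For teams that track devices in an asset inventory, the chipset list above can be turned into a simple audit. The following is an added example, not code from Kaspersky or Qualcomm; the inventory format, the asset tags, and the reading of "x" in names such as MDM9x07 as a single digit are assumptions.

```python
import re

# Chipset families named in the article. Reading the "x" in names such as
# MDM9x07 as one digit is an assumption of this example.
AFFECTED_FAMILIES = ["MDM9x07", "MDM9x45", "MDM9x65", "MSM8909",
                     "MSM8916", "MSM8952", "SDX50"]


def _family_regex(family):
    """Compile a family name into a regex that matches a whole part number."""
    body = "".join(r"\d" if ch == "x" else re.escape(ch) for ch in family)
    # A following digit means a different part (MSM89160 is not MSM8916);
    # a letter suffix is assumed to be a variant and still matches.
    return re.compile(rf"(?<![A-Za-z0-9]){body}(?!\d)", re.IGNORECASE)


_PATTERNS = [(fam, _family_regex(fam)) for fam in AFFECTED_FAMILIES]


def match_family(soc_string):
    """Return the listed family found in a free-form SoC string, or None."""
    for family, pattern in _PATTERNS:
        if pattern.search(soc_string):
            return family
    return None


def audit(inventory):
    """Map each asset tag to (family, status) for an {asset_tag: soc} dict."""
    report = {}
    for tag, soc in inventory.items():
        family = match_family(soc)
        # The article notes other chips may also be vulnerable, so a miss is
        # reported as "not-listed", never as "safe".
        report[tag] = (family, "listed" if family else "not-listed")
    return report


# Constructed sample inventory (asset tags and SoC strings are made up).
SAMPLE_INVENTORY = {
    "phone-001": "Qualcomm MSM8916 Snapdragon 410",
    "modem-002": "mdm9607",
    "modem-003": "sdx50m",
    "phone-004": "MSM89160",
    "phone-005": "SM8550",
}

if __name__ == "__main__":
    for tag, (family, status) in audit(SAMPLE_INVENTORY).items():
        print(f"{tag}: {status}" + (f" ({family})" if family else ""))
```

Devices reported as "not-listed" still need manual review, since the published chipset list is not stated to be exhaustive.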
The vulnerability revolves around the Sahara protocol used during Emergency Download Mode (EDL) when a device is in maintenance mode. Attackers can exploit this protocol to embed malware before the operating system boots up, bypassing security mechanisms like Secure Boot Chain. This enables them to gain control of the device and access sensitive data.
Security researchers caution that a compromised device could give attackers unauthorized access to files, passwords, location data, the camera, and the microphone, as well as complete control of the device. Such attacks can target not only end users but can also occur within the supply chain, during transportation or repairs.
Restarting the device may not entirely resolve the issue as malware can be deeply embedded in the system. For a secure reset, it is recommended to fully discharge the battery to cut off the power supply. Taking precautions such as visiting reputable repair shops, monitoring device access, and being vigilant during device handover can help mitigate the risk of exploitation.
In conclusion, the discovery of this vulnerability highlights the importance of staying updated with device security and taking necessary precautions to protect personal data. Users are advised to upgrade to newer devices and follow best practices to safeguard against potential attacks.
