Kaspersky researchers have discovered a hardware vulnerability in Qualcomm Snapdragon chips found in millions of devices. Through physical access, attackers can steal data, misuse sensors such as cameras and microphones, and in some cases, take full control. The flaw resides in the BootROM and is difficult to fix without a power interruption.
The vulnerability (CVE-2026-25262) affects chipsets such as the Qualcomm MDM9x07, MSM8909, and SDX50 series. These are found in smartphones, tablets, automotive components, and IoT devices. Kaspersky warned Qualcomm as early as March 2025, but details were only made public a year later. The problem lies in the Sahara protocol, which is used when a chip enters Emergency Download Mode (EDL). This mode is normally intended for recovery operations but now provides a backdoor.
The risk extends to the supply chain. Attackers could install malware that persists even after a reboot, unless the power is completely cut. This makes detection and removal particularly difficult.
Attack scenarios: from passwords to full control
With physical access to a device, malicious actors can bypass the security chain. For smartphones or tablets, this provides access to typed passwords, files, contacts, location data, and sensors like cameras and microphones. Sergey Anufrienko, security expert at Kaspersky ICS CERT, emphasizes that malware can hide and influence long-term behavior: “A simple reboot is often not enough. Only a complete power interruption—such as a drained battery—guarantees a clean start.”
The impact is not limited to consumer devices. Industrial systems and vehicles with vulnerable chips are also at risk, especially during production, maintenance, or recycling. Kaspersky recommends strictly controlling physical access to devices at all stages—from delivery to disposal.