Qualcomm is the chip manufacturer with the largest market share in smartphones. With hundreds of millions of devices using Qualcomm WiFi chips, any security issue can have a large impact on users. Among these issues, 0-click remote and adjacent attack surfaces are always the ones that concern security researchers most, because they require no user interaction and so can be exploited silently. Furthermore, as one of the most important short-range communication protocols, WiFi is bound to be a major target of attackers.
This talk explains the security risks faced by Qualcomm WiFi and their mitigations, illustrated by eight recent 0-click remote vulnerabilities we discovered. Although Qualcomm's 2020 flagship, the Snapdragon 865, introduced many changes and security enhancements to WiFi, we still found further security issues through in-depth research on the WiFi module of sdm865. We also share our methodology for reverse engineering and exploiting WiFi on sdm865.