Kaspersky has uncovered a serious hardware-level vulnerability in widely used Qualcomm Snapdragon chipsets that could allow attackers to access sensitive data and potentially take full control of affected devices.
The flaw, identified in the BootROM firmware, impacts multiple Qualcomm chip series commonly found in smartphones, tablets, IoT devices, and even automotive systems. Assigned CVE-2026-25262, the vulnerability was disclosed to Qualcomm in March 2025 and later acknowledged by the company.
According to Kaspersky researchers, the issue lies within the Sahara protocol, a low-level communication mechanism used when devices enter Emergency Download Mode (EDL). This mode is typically intended for device recovery and repair, but the discovered flaw allows attackers with physical access to bypass critical security protections, compromise the secure boot process, and deploy malicious code.
“Vulnerabilities at the hardware level can enable stealthy, persistent attacks that are extremely difficult to detect or remove, making physical device security more critical than ever.”
— Sergey Anufrienko, Security Expert, Kaspersky ICS CERT
In practical terms, a compromised device could expose highly sensitive user data, including passwords, files, contacts, and location information. Attackers may also gain control over device components such as cameras and microphones, enabling covert surveillance. In some cases, the entire device can be fully compromised with persistent malware that is difficult to remove.
The attack requires only brief physical access, which raises concerns not just for end users but also about exposure during repair, maintenance, or even supply chain handling. Kaspersky warns that compromised systems may simulate a reboot, meaning traditional restart methods may not always eliminate malicious code.
To mitigate risks, Kaspersky recommends strict physical security controls across the device lifecycle, from manufacturing and distribution to repair and decommissioning. In cases of suspected compromise, a complete power reset, such as full battery discharge, may be necessary to ensure a clean restart.
The findings were presented at Black Hat Asia 2026, highlighting growing concerns around hardware-level vulnerabilities as cyber threats evolve beyond software-based attacks into deeper layers of device architecture.
