YIBADA

Millions of Android devices at risk owing to previously ‘undetected’ Qualcomm flaw

May 08, 2016 12:19 PM EDT

A stand host holds a Sony Ericsson XPERIA X10 mobile phone using the Android operating system at the Deutsche Telekom stands at the CeBIT Technology Fair on March 2, 2010 in Hannover, Germany.

A previously undetected flaw in some Android smartphones powered by Qualcomm Snapdragon may make the text messages and call histories of users vulnerable to hacking.

The flaw, tracked as CVE-2016-2060, was detected by security researchers at FireEye and subsequently patched by Qualcomm in March. However, since the vulnerability was introduced about five years ago, several devices affected by it are unlikely ever to receive the fix, as they are no longer supported by their manufacturers, Computing.co.uk reported.

According to FireEye, the flaw was found in an Android component called "netd," which Qualcomm modified to provide additional tethering capabilities. It is feared that malicious applications may take advantage of the vulnerability to execute commands as the "radio" system user, which has elevated privileges.

The devices at greatest risk from the vulnerability include those of the 34 percent of Android users who are still running version 4.3 and earlier, since these versions do not come with a feature called Security Enhancements for Android (SEAndroid), Ars Technica reported. It is likely that these devices will never receive the Qualcomm patch.

FireEye researchers have observed that exploitation of the flaw is largely imperceptible. It can be exploited by an attacker who physically unlocks an insecure device, or when the user installs a malicious application. Google Play is unlikely to flag such an application as malicious, and FireEye Mobile Threat Prevention could not detect it initially.

A malicious application exploiting this vulnerability would only require the widely used "ACCESS_NETWORK_STATE" permission to access the API exposed by the modified Qualcomm service. As a result, it is very difficult to detect any exploitation attempt.

As Qualcomm chipsets are very popular with smartphone manufacturers, the FireEye researchers estimate that several hundred Android phones are affected by the flaw. According to a rough estimate, there are more than 1.4 billion active Android devices throughout the world, suggesting that millions of devices could be affected.

Meanwhile, the Qualcomm Innovation Center has issued a security advisory stating that the flaw affects all devices powered by Android Jelly Bean, KitKat and Lollipop.
