Millions of Android smartphones with best-selling Qualcomm chips are prone to hacking. This was revealed by cybersecurity firm Mandiant’s Red Team, which has discovered a widespread vulnerability affecting Android devices with Qualcomm chips.
The Red Team researchers said that the vulnerability has existed since 2011, as the vulnerable APIs, which someone was using, have been observed in a Git repository from that time. This makes it particularly difficult to patch all affected devices, said the firm in a statement.
The flaw, which is most severe in Android versions 4.3 and earlier, allows low-privileged apps to access sensitive data that’s supposed to be off-limits, according to a blog post published by security firm FireEye.
Though the flaw may work on Android 4.3, hackers can use it to attack vulnerable devices running Android 4.4 or higher. In this case a malicious application can surreptitiously modify sensitive OS properties. Attackers often combine such exploits with a similarly low-severity exploit to increase the potency of the attack.
FireEye researchers said that the vulnerability can also be exploited by potential hackers to gain physical access to an unlocked handset. Indexed as CVE-2016-2060, the bug was first introduced when mobile chipmaker Qualcomm released a set of programming interfaces for a system service known as the “network_manager” and later the “netd” daemon.
The vulnerability exists in a software package maintained by Qualcomm that is available from the Code Aurora Forum (published as CVE-2016-2060 and security advisory QCIR-2016-00001-1) and permits local privilege escalation to the built-in “radio” user. An attacker can exploit the flaw to gain physical access to an unlocked device and also install a malicious application on the device at will.
“On older devices, the malicious application can extract the SMS database and phone call database, access the Internet, and perform any other capabilities allowed by the radio user,” the firm said.
The vulnerability seems to affect all Android devices that have Qualcomm chips and run Qualcomm code. With Qualcomm chips among the most popular around, many flagship smartphones from Samsung and HTC could be vulnerable to this attack. FireEye says that the bug could have widespread reach and could have affected hundreds of devices in the last five years.
Qualcomm, for its part, addressed the issue by releasing a software patch in early March 2016. “The OEMs will now need to provide updates for their devices; however, many devices will likely never be patched,” said the report.
The issue with Android smartphones is that there are hundreds of manufacturers and, barring a few top manufacturers, many do not bother to release patches to their users. Also, Android has so many versions currently in use, from Android Ice Cream Sandwich to Android Marshmallow, that it is virtually impossible to release a common patch for all of them.
FireEye says that the bug is very critical because a user won’t know his/her Android smartphone is hacked even after the potential hacker takes over the smartphone and silently snoops on the victim. “There is no performance impact or risk of crashing the device,” the report added.
The vulnerability was patched in the Android security patch Google released on May 1. A Google representative said Nexus devices were never affected.