Millions of Qualcomm-powered Android devices at risk
A major security glitch in Android smartphones using Qualcomm chipsets could be exploited by hackers to access users’ text messages and call logs.
The vulnerability is designated as CVE-2016-2060, and is located in a component of Android OS that’s modified by Qualcomm to provide tethering functionality.
The flaw was discovered by security research firm FireEye in January this year. Although Qualcomm already patched the bug in March, millions of Android devices are still at risk as they are no longer updated by their manufacturers. The security glitch affects devices running the Jelly Bean, KitKat and Lollipop versions of Android.
To exploit the loophole, a malicious application just needs the ‘ACCESS_NETWORK_STATE’ permission. This not only allows the malicious program to access the API exposed by the modified Qualcomm service, but also makes it hard to detect hacking attempts.
Even more concerning is the fact that Android’s system services like Google Play and mobile anti-virus applications are unlikely to flag the hacking attempt as a potential threat to the security of the device.
It’s worth noting that devices with Android KitKat and later are supposedly affected to a lesser extent, as they come with the Security Enhancements for Android (SEAndroid) mechanism enabled by default. Devices running Jelly Bean and previous versions are most at risk.
Qualcomm addressed the issue quickly by releasing a fix in March this year. However, it’s still up to the device manufacturers to ensure that the fix is properly rolled out to affected devices.
Qualcomm said in a statement, “Enabling robust security and privacy is a top priority for Qualcomm Technologies, Inc. Recently, we worked with Mandiant, a FireEye company, to address the vulnerability (CVE-2016-2060) that may affect Android-based devices powered by certain Snapdragon processors. We are not aware of any exploitation of this vulnerability. We have made security updates available to our customers to address this vulnerability.”
Android has had its share of security issues in the past. According to a recent report, cases of malware on Android doubled in 2015.