There is a major security flaw that has been shipped with phones powered byQualcomm processor, which has put the phones at risk.
This flaw could cause a major damage if exploited, as it is capable of revealing call history and text messages (did I just hear you say what? I was shocked too).
Our mobile devices tend to hold the substantial part of our individual lives.
Now, how would you feel if you got to know that everything you thought was personal isn’t as personal as you’ve always thought? Worrisome, isn’t it?
Researchers from a security company called FireEye detected this risk, and this flaw was reportedly fixed by Qualcomm in March, this year.
It will shock you to know that this major security flaw started shipping with phones that run on Qualcomm processor since five years ago.
Another thing that will probably sink your heart, is the unlikeliness of these affected devices to get the patch that will help solve this dangerous and privacy evading flaw as many of the devices may no longer have the support of manufacturers.
This vulnerability was created by the action Qualcomm took to improve tethering on their devices, which featured the modification of an Android component called “netd”.
This flaw, if exploited by malicious applications, can be used to gain access to users’ personal information on affected devices.
Hundreds of mobile phone models are said to have been affected by this flaw and judging by the statistics of devices that are in the market currently, millions of Android devices are at risk.
This flaw does not need root access to take effect on affected devices; all it needs is just the access to the “ACCESS_NETWORK_STATE” permission.
Jake Valletta, a FireEye security company official, said in a blog post:
The saddening part of this story is that many affected devices will not get this patch.
We can only hope that manufacturers put users of their old devices into consideration by providing them an upgrade that includes this patch.
This flaw could cause a major damage if exploited, as it is capable of revealing call history and text messages (did I just hear you say what? I was shocked too).
Our mobile devices tend to hold the substantial part of our individual lives.
Now, how would you feel if you got to know that everything you thought was personal isn’t as personal as you’ve always thought? Worrisome, isn’t it?
Researchers from a security company called FireEye detected this risk, and this flaw was reportedly fixed by Qualcomm in March, this year.
It will shock you to know that this major security flaw started shipping with phones that run on Qualcomm processor since five years ago.
Another thing that will probably sink your heart, is the unlikeliness of these affected devices to get the patch that will help solve this dangerous and privacy evading flaw as many of the devices may no longer have the support of manufacturers.
This vulnerability was created by the action Qualcomm took to improve tethering on their devices, which featured the modification of an Android component called “netd”.
This flaw, if exploited by malicious applications, can be used to gain access to users’ personal information on affected devices.
Hundreds of mobile phone models are said to have been affected by this flaw and judging by the statistics of devices that are in the market currently, millions of Android devices are at risk.
This flaw does not need root access to take effect on affected devices; all it needs is just the access to the “ACCESS_NETWORK_STATE” permission.
Jake Valletta, a FireEye security company official, said in a blog post:
“Any application could interact with this API without triggering any alerts. Google Play will likely not flag it as malicious. It’s hard to believe that any antivirus would flag this threat. Additionally, the permission required to perform this is requested by millions of applications, so it wouldn’t tip the user off that something is wrong.”The sure to note that this flaw has not been exploited by attackers (at least not yet). Like it was said earlier on this post, Qualcomm made a patch that will get this flaw fixed.
The saddening part of this story is that many affected devices will not get this patch.
We can only hope that manufacturers put users of their old devices into consideration by providing them an upgrade that includes this patch.
Comments
Post a Comment
We love to hear from you!
Sign in to comment "anonymously" without entering verification text.