The Risk
The flaw can allow access to sensitive user data including:
Users with older phones running Android 4.3 (Jelly Bean MR2) and earlier are most at risk. It is estimated that 34% of users running versions 4.3 and earlier are at risk. A security protection called SEAndroid was introduced in 4.4 which greatly reduced the risks associated with this flaw.
What is required to put these older smartphones at risk?
Aside from an unauthorized person having access to personal information, there are no performance changes or crashes associated with this flaw! This means most people will never notice or realize their information is at risk.
How it Happened
Qualcomm, a provider of chips and code used in Android devices, introduced new software as part of the Android network manager system service. Vulnerable phones were connected to the “netd” daemon which gave smartphones heightened networking capabilities including additional tethering capabilities. The elevation of privileges is where the risk comes in and is being used for devious purposes.
What to do about it
The flaw can allow access to sensitive user data including:
- SMS (messaging) history
- Call history
And can also affect:
- Your ability to change system settings or disable the lock screen
Users with older phones running Android 4.3 (Jelly Bean MR2) and earlier are most at risk. It is estimated that 34% of users running versions 4.3 and earlier are at risk. A security protection called SEAndroid was introduced in 4.4 which greatly reduced the risks associated with this flaw.
What is required to put these older smartphones at risk?
- Physical access to the phone OR
- The phone being infected with a malicious application
Aside from an unauthorized person having access to personal information, there are no performance changes or crashes associated with this flaw! This means most people will never notice or realize their information is at risk.
How it Happened
Qualcomm, a provider of chips and code used in Android devices, introduced new software as part of the Android network manager system service. Vulnerable phones were connected to the “netd” daemon which gave smartphones heightened networking capabilities including additional tethering capabilities. The elevation of privileges is where the risk comes in and is being used for devious purposes.
What to do about it
- Upgrade your Android version to version 4.4 or higher if possible. To check the Android version number:
- Select "Settings"
- Scroll down and select "About Phone"
- Apply the “netd” patch located here https://www.codeaurora.org/improper-input-validation-tethering-controller-netd-cve-2016-2060-0
New security risks are being released all the time and keeping up with them can be difficult. While some are more difficult than others to protect ourselves from, it is important to do our due diligence once we become aware of the risk. Smartphones are a regular part of most people's day so it is even more important to put in a reasonable amount of effort to prevent these devices from becoming compromised.
As always, data protection is not always easy, but it is always worth the effort!
Enjoy this post? Subscribe to our Blog
No comments:
Post a Comment