Thursday, May 12, 2016

Qualcomm Security Flaw on Android Smartphones

A recent security flaw has been identified for Android phones running older software. The vulnerability, labeled CVE-2016-2020 by Common Vulnerabilities and Exposures, is related to installed Qualcomm chips and may affect hundreds of Qualcomm models. If affected, this vulnerability can allow access to SMS messaging and call log information, as well as causing other issues. If you are a smartphone user running Android software, the following is what you need to know.

The Risk
The flaw can allow access to sensitive user data including:
  • SMS (messaging) history
  • Call history
And can also affect:
  • Your ability to change system settings or disable the lock screen
Who is at Risk?
Users with older phones running Android 4.3 (Jelly Bean MR2) and earlier are most at risk. It is estimated that 34% of users running versions 4.3 and earlier are at risk. A security protection called SEAndroid was introduced in 4.4 which greatly reduced the risks associated with this flaw.

What is required to put these older smartphones at risk?
  • Physical access to the phone OR
  • The phone being infected with a malicious application 
Why is the severity of this flaw so high?
Aside from an unauthorized person having access to personal information, there are no performance changes or crashes associated with this flaw! This means most people will never notice or realize their information is at risk.

How it Happened
Qualcomm, a provider of chips and code used in Android devices, introduced new software as part of the Android network manager system service. Vulnerable phones were connected to the “netd” daemon which gave smartphones heightened networking capabilities including additional tethering capabilities. The elevation of privileges is where the risk comes in and is being used for devious purposes. 

What to do about it 
New security risks are being released all the time and keeping up with them can be difficult. While some are more difficult than others to protect ourselves from, it is important to do our due diligence once we become aware of the risk. Smartphones are a regular part of most people's day so it is even more important to put in a reasonable amount of effort to prevent these devices from becoming compromised.

As always, data protection is not always easy, but it is always worth the effort!

Enjoy this post? Subscribe to our Blog

No comments:

Post a Comment