Cyber-security firm Mandiant has recently released a report stating that Android devices running Qualcomm chips or code are vulnerable to attack. The vulnerability, identified as CVE-2016-2060, exists in a software package maintained by Qualcomm. If exploited, it gives attackers access to the victim's SMS database, phone history, and more. Because this is an open source software package, it affects a variety of projects that use the APIs in question, including CyanogenMod.
Qualcomm Android Devices Vulnerable to Getting Their SMS and Phone History Leaked
As Mandiant describes it, CVE-2016-2060 is a lack of input sanitization of the "interface" parameter of the "netd" daemon, which is part of the Android Open Source Project (AOSP). The vulnerability came in with a set of new APIs that Qualcomm introduced some years ago to allow additional tethering capabilities, along with other functionality.
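What sanitizing an interface-name parameter can look like, as an added example that is not Qualcomm's or AOSP's actual patch: the value is checked against a strict allowlist before anything else consumes it. The function names, the allowed character set, and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Linux interface names fit in IFNAMSIZ (16) bytes, terminating NUL included. */
#define IFACE_NAME_BUF 16

static int ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* Hypothetical helper: 1 if name is an acceptable interface name, else 0.
 * Allowlist (an assumption): ASCII letters and digits, plus '_', '-', ':'
 * after the first character. Everything else is rejected, not escaped. */
int is_valid_iface_name(const char *name)
{
    size_t i;

    if (name == NULL || !ascii_alnum((unsigned char)name[0]))
        return 0;                       /* NULL, empty, or bad first byte */
    for (i = 1; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (i >= IFACE_NAME_BUF - 1)
            return 0;                   /* would not fit in IFNAMSIZ */
        if (!ascii_alnum(c) && c != '_' && c != '-' && c != ':')
            return 0;                   /* whitespace, quotes, ';', '/', ... */
    }
    return 1;
}

/* Hypothetical request handler: the name is copied only after it validates. */
int accept_iface(const char *name, char out[IFACE_NAME_BUF])
{
    if (!is_valid_iface_name(name))
        return -1;
    snprintf(out, IFACE_NAME_BUF, "%s", name);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the report. */
    const char *samples[] = { "wlan0", "rmnet_data0", "eth0:1", "",
                              "wlan0 x", "wlan0;x", "../x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %s\n", samples[i],
               is_valid_iface_name(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Rejecting on the first disallowed byte, rather than trying to escape it, keeps the check independent of how the value is used later.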
To exploit this code, an attacker would have to either use a malicious application or have access to your unlocked device. The troubling part is that the API is accessed very frequently by most of the apps running on an Android phone, so it is hard for the smartphone subsystem to tell a request made by a regular app from one made by a malicious app. As a result, neither Google Play nor other mobile anti-virus applications are likely to flag the attack as an intrusion.
Mandiant's report states that hundreds of models may already be vulnerable to attack. That could mean millions of devices around the globe, built over the last five years and running many versions of the Google-owned mobile operating system, ranging from Lollipop to Ice Cream Sandwich.
Qualcomm is said to have already addressed the issue by patching the "netd" daemon for the affected Android devices, and it has reportedly alerted all of its OEMs as well. It is now up to the OEMs to issue an update to their devices. However, given the vast diversity of products involved, there is a chance that many models will never receive the update. The search engine giant has also officially acknowledged the vulnerability, with a statement about it in the May edition of the Android Security Bulletin.