Qualcomm Vulnerability Disclosed, Allows Theft of Call Logs, SMS from Android
An Android vulnerability that has existed for five years has now been disclosed; it affects numerous device models, including those running versions as old as Jelly Bean 4.3. Understandably, older devices face the greatest danger, while newer ones running Android versions that ship with SE Android, the operating system's implementation of Security Enhanced Linux, are less at risk.
Attackers who exploit the vulnerability can gain higher privileges on the device, enabling further attacks, in particular theft of call logs and SMS. Security researchers from Mandiant's Red Team at FireEye discovered the vulnerability, CVE-2016-2060, in Qualcomm software available on the Code Aurora Forum.
Researchers from the Mandiant team state that the flaw exists in certain APIs that Qualcomm added to the network_manager system service, within Android's netd daemon.
An attacker seeking to abuse CVE-2016-2060 would only need to develop an application that requests the ACCESS_NETWORK_STATE permission from the device.
Qualcomm developed a fix for the affected software and also delivered one to OEMs during March. As with other Android fixes, OEMs must provide the updates for their devices. Nonetheless, Mandiant cautions that several devices probably won't get patched. The flawed APIs, for instance, were present in a git repository from 2011, implying that the code has been in circulation for five years and is likely inside any number of Android devices. Threatpost.com reported this on May 5, 2016.
Moreover, successful exploitation is extremely difficult to detect, according to the Mandiant team. The researchers state that there is no performance impact, and tests showed that neither the Android device nor the application crashed.
Jake Valletta of FireEye explains that any application can interact with the aforementioned API without any alert being raised. Google Play may not flag it as harmful, and FireEye's Mobile Threat Prevention did not previously detect it. It is also quite uncertain whether an AV solution would flag it as malicious. Besides, countless applications request the permission needed to do this, so users would be unlikely to get any hint that something is wrong, Valletta adds.
Mandiant contacted Qualcomm in January, and the software/hardware developer distributed security fixes to Google and other Android OEMs by March.
» SPAMfighter News - 5/12/2016