Critical Qualcomm security bug allows hackers to remotely take over Android smartphones

Millions of Android smartphone with best selling Qualcomm chips are prone to hacking. This was revealed by cybersecurity firm Mandiant’s Red Team which has discovered a widespread vulnerability affecting Android devices with Qualcomm chip making them susceptible to hacking.

The Red Team researchers said that the vulnerability existed since 2011 as vulnerable APIs — that someone was using — have been observed in a Git repository from that time. This makes it particularly difficult to patch all affected devices, said the firm in a statement.

The flaw, which is most severe in Android versions 4.3 and earlier, allows low-privileged apps to access sensitive data that’s supposed to be off-limits, according to a blog post published by security firm FireEye. Though the flaw may work on Android 4.3 but the hackers can use it to attack vulnerable devices running on Android 4.4 or higher. In this case a malicious application can surreptitiously modify sensitive OS properties. Attackers often combine such exploits with a similarly low-severity exploit to increase the potent of the attack.

FireEye researchers said that the vulnerability can also be exploited by potential hackers to gain physical access to an unlocked handset. Indexed as CVE-2016-2060, the bug was first introduced when mobile chipmaker Qualcomm released a set of programming interfaces for a system service known as the “network_manager” and later the “netd” daemon.

The vulnerability exists in a software package maintained by Qualcomm that is available from the Code Aurora Forum (published as CVE-2016-2060 and security advisory QCIR-2016-00001-1) and permits local privilege escalation to the built-in user radio. An attacker can exploit the flaw to gain physical access to an unlocked device as also install a malicious application on the device at will.

“On older devices, the malicious application can extract the SMS database and phone call database, access the Internet, and perform any other capabilities allowed by the radio user,” the firm said.

The vulnerability seems to affect all Android devices with Qualcomm chips and run with Qualcomm code. Qualcomm being one of the most popular chips around, many flagship smartphones from Samsung, HTC could be vulnerable to this attack. FireEye says that the bug could have widespread reach and could have affected hundreds of devices in the last five years.

Qualcomm on its part addressed the issue by releasing a software patch in early March 2016. “The OEMs will now need to provide updates for their devices; however, many devices will likely never be patched,” said the report.

The issue with Android smartphones is that there are hundred of manufacturers and barring a few top manufacturers, many do not bother to release patches to their users. Also, Android has so many versions running currently right from Android Ice Cream Sandwich to Android Marshmallow, that it is virtually impossible to release a common patch for all of them.

FireEye says that the bug is very critical because a user wont know his/her Android smartphone is hacked even after the potential hacker takes over the smartphone and silently snoops on the victim. “There is no performance impact or risk of crashing the device,” the report added.

The vulnerability was patched in the Android security patch Google released on May 1. A Google representative said Nexus devices were never affected.