Data of Android Users is Under Threat, Just Because Of Qualcomm Software!

Qualcomm Software has been used by Mobile Companies. A serious information disclosure vulnerability has been found by security researchers of FireEye in this Qualcomm Software Package. By exploiting this vulnerability, hackers could also exploit many other vulnerabilities for stealing data of users by doing malicious attacks. An update has been released by Google to patch this vulnerability but still 70% users are using old version of this software. This vulnerability now has been registered with CVE-2016-2060.

Response of Google over it?

Google has released an update to fix this issue. This vulnerability has been discovered by the security researchers of FireEye and according to them, this a “High Risk” vulnerability because hackers and cybercriminals could steal data of infected users. On the other hand, Google is saying that this vulnerability is not as much dangerous as researchers of FireEye are saying. This vulnerability is not related to AOSP (Android Open Source Project), therefore not all android users are infected with this. Latest release of update is only for infected devices and users could update their device drivers to fix this security issue.This is not a latest vulnerability. In the first month of this year, Researchers of FireEye discovered it and later they informed Qualcomm about this. After security investigation or software testing, Qualcomm fixed this security issue in March. This vulnerability was present in Qualcomm’s Open Source software package. This Open Software of Qualcomm is related to Android network daemon.

Which Android devices are infected?

All the Android devices, which are using Android Lollipop version 5.0 and it’s earlier version are infected. CyanogenMod is a famous project and its developers are using Qualcomm software package. All the API’s of Qualcomm are infected and users should update all of it as soon as possible. The Android devices which are using Android Version 4.4 are less effected. The Android devices which are using version 5.0 Lollipop, are most effected. Hackers could steal chats, detail of phone calls and other sensitive data from infected devices. The latest devices are less infected. The percentage of latest infected devices is not more than 1 percent.

How Hackers Could Exploit this Vulnerability?

The “Radio” in Android devices could help the hackers to steal user’s information and data. This is a built is function of Android Devices, which have some special type of privileges. These privileges are different from the privileges of all the other Applications. Hackers could take “ACCESS_NETWORK_STATE” permission by doing a malicious attack on the Qualcomm software. Hackers could develop special type of applications which have permissions like Radio and then they could use the API’s of Qualcomm.