According to recent reports, chips manufactured by Qualcomm, which are used in 60 per cent of Android phones, have a major flaw that allows hackers to gain access to phones and tablets.
Researchers at Duo Labs attribute this vulnerability to two causes: a security bug in Qualcomm’s Secure Execution Environment (QSEE) and Android’s problematic media server.
The problem was discovered last week by Gal Beniamini, who noticed that an attacker was able to establish communication with QSEE’s trusted applications on the phone.
The main reason this is so troubling is that the bug affects both old and new versions of Android, including the new Marshmallow rollout. Although Google acted fast and released a patch, Duo Labs estimates that only a small fraction of phones have received the update.
The researchers also said that while a large number of phones are vulnerable, the security concerns aren’t as serious as those raised by Stagefright.
“Stagefright could be used to attack anyone remotely, and all you’d need is their cell phone number. This vulnerability requires that the attacker distribute the attack code via a malicious app. According to Google’s own numbers, 1 in 200 phones have a potentially harmful application,” said Kyle Lady, research and development engineer at Duo Labs. “QSEE exploit leverages the chaining together of two separate exploits to cause a phone to be completely controlled by a third party.”
Google did release a patch that rectified the issue in Nexus phones and OEM handsets, but because wireless carriers are dragging their feet on updates, 60 per cent of devices are still vulnerable.
The researchers also claim that 27 per cent of Android phones are now too old to receive a security update and will therefore remain permanently vulnerable.
The affected chipsets are from the Qualcomm Snapdragon series, which is used in phones such as Motorola’s Droid Turbo, the Google Nexus, and the Samsung S5 and S6.
Explaining the attacks, researchers at Duo Labs said, “An attacker running code in the Normal World could take advantage of a vulnerability in mediaserver to exploit an application running in the Secure World. Then the attacker could modify the Normal World’s Linux kernel, allowing the attacker to compromise the whole operating system to whatever ends they’re trying to achieve. We’re assuming that the attacker has one, given how frequently ‘Critical’ or ‘High’ severity bugs in mediaserver are found and patched.”