Date:07/05/16
A security flaw affecting Android devices using Qualcomm chips leading to information disclosure and device manipulation has been revealed by researchers. The vulnerability in question is CVE-2016- 2060, a lack of input sanitization of the "interface" parameter of the "netd" daemon, used as part of the Android Open Source Project (AOSP). When Qualcomm, a provider of chips and code used in Android devices, introduced new APIs as part of the Android network manager system service, vulnerable phones were then connected to the "netd" daemon.
The daemon gave smartphones heightened networking capabilities, including additional tethering capabilities -- but also, unfortunately, introduced this vulnerability to the Android operating system. Attackers must either have physical access to a device or have a user install a malicious application onto the device, likely through a fake download, phishing campaign or a malicious app which has slipped through the Google Play security net to exploit the flaw in the daemon's API.
"Any application could interact with this API without triggering any alerts," FireEye says. "Google Play will likely not flag it as malicious, and FireEye Mobile Threat Prevention (MTP) did not initially detect it. It's hard to believe that any antivirus would flag this threat. Additionally, the permission required to perform this is requested by millions of applications, so it wouldn't tip the user off that something is wrong."
It is also difficult for users to notice their devices are infected as there are no performance changes or crashes. If exploited, the malicious app can siphon away the SMS database and phone call data from older devices, access the web and perform other capabilities allowed through the API. Newer devices, however, are hurt in a less severe way by this flaw.
Although it depends on the vendor's property subsystem settings, most new devices will only grant the malicious app access to change some system properties maintained by the operating system rather than steal data. There is no real answer to how many devices may be vulnerable although FireEye says it is possible "hundreds of models" of mobile devices produced in the last five years using Qualcomm chips and code could be harboring the security flaw.
In other words, countless users could be vulnerable to attack, but FireEye's Mandiant Red Team says that usage of the vulnerable API has been monitored and there is no evidence to suggest the vulnerability is being exploited in the wild. FireEye reached out to Qualcomm in January 2016 and has worked with the team since to fix the problem. The US chip maker has resolved the issue in part by patching the "netd" daemon, but it is now up to OEMs to provide updates for their devices. However, there is a problem.
Qualcomm security flaw impacts millions of Android devices
A security flaw affecting Android devices using Qualcomm chips leading to information disclosure and device manipulation has been revealed by researchers. The vulnerability in question is CVE-2016- 2060, a lack of input sanitization of the "interface" parameter of the "netd" daemon, used as part of the Android Open Source Project (AOSP). When Qualcomm, a provider of chips and code used in Android devices, introduced new APIs as part of the Android network manager system service, vulnerable phones were then connected to the "netd" daemon.The daemon gave smartphones heightened networking capabilities, including additional tethering capabilities -- but also, unfortunately, introduced this vulnerability to the Android operating system. Attackers must either have physical access to a device or have a user install a malicious application onto the device, likely through a fake download, phishing campaign or a malicious app which has slipped through the Google Play security net to exploit the flaw in the daemon's API.
"Any application could interact with this API without triggering any alerts," FireEye says. "Google Play will likely not flag it as malicious, and FireEye Mobile Threat Prevention (MTP) did not initially detect it. It's hard to believe that any antivirus would flag this threat. Additionally, the permission required to perform this is requested by millions of applications, so it wouldn't tip the user off that something is wrong."
It is also difficult for users to notice their devices are infected as there are no performance changes or crashes. If exploited, the malicious app can siphon away the SMS database and phone call data from older devices, access the web and perform other capabilities allowed through the API. Newer devices, however, are hurt in a less severe way by this flaw.
Although it depends on the vendor's property subsystem settings, most new devices will only grant the malicious app access to change some system properties maintained by the operating system rather than steal data. There is no real answer to how many devices may be vulnerable although FireEye says it is possible "hundreds of models" of mobile devices produced in the last five years using Qualcomm chips and code could be harboring the security flaw.
In other words, countless users could be vulnerable to attack, but FireEye's Mandiant Red Team says that usage of the vulnerable API has been monitored and there is no evidence to suggest the vulnerability is being exploited in the wild. FireEye reached out to Qualcomm in January 2016 and has worked with the team since to fix the problem. The US chip maker has resolved the issue in part by patching the "netd" daemon, but it is now up to OEMs to provide updates for their devices. However, there is a problem.
Views: 465
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
