Qualcomm may be responsible for another large-scale security flaw in Android, able to reach millions of users worldwide. Discovered by software security firm FireEye, the gap leaves vulnerable a portion of devices with Snapdragon processors.
According to experts, the problem would be in new networking features implemented by Qualcomm in its chips, as the native ability to apply tethering (internet sharing). The antenna could be exploited by hackers, gaining potential access to call history and SMS phone.
What makes a dangerous vulnerability , however, it is its ability to remain hidden in the device. Malicious code can get through an official download on Google Play, asking permission to use the cellular network, something quite common. As the exploit would use official API could not be identified easily.
The very FireEye had trouble finding the bug, which affect many versions of Android, Gingerbread (2.3) to Lollipop (5.0). Although it is a less serious case that the controversial Stagefright and failure caused by Baidu, Google is already aware and probably working on a solution.
There is, for now, recommendations to avoid being targeted hacker exploiting the flaw, since they can attack, theoretically, with seemingly harmless apps. However, they have not yet been identified cases of victims worldwide -. But the question is if they exist and just were not discovered
Update (06/05)
In a statement to TudoCelular, Qualcomm reassures users, confirming that any attacks exploiting the flaw has been identified to date. In addition, the chip maker ensures that has provided its customers (phone makers) a solution to the problem
Check the positioning of Qualcomm in full:.
To provide privacy and robust security users is a top priority of Qualcomm Technologies, Inc. recently worked with Mandiant, a company FireEye, to address the vulnerability (CVE-2016-2060) that could affect some devices the Snapdragon processor and Android system.
Although we have no news of any case in which this vulnerability has been exploited, have been made security updates available to our customers so that the problem is resolved.
No comments:
Post a Comment