Mandiant’s Red Team, a security research team of FireEye, has recently discovered a vulnerability affecting Android devices that would expose the user’s SMS database and call log to attackers. The vulnerability is due to a flaw in a software package maintained by Qualcomm.
There are hundreds of models of Android devices that run on Qualcomm, which means millions of devices are vulnerable to this attack. The FireEye team says, however, that newer versions of Android are less vulnerable than older versions (4.3 and earlier).
The vulnerability is tracked as CVE-2016-2060. It was introduced when Qualcomm provided new APIs as part of the “network_manager” system service.
An attacker can exploit the victim’s device in two ways: by gaining direct physical access to the unlocked phone, or by installing a malicious app on the victim’s smartphone.
FireEye also wrote in their blog, “Any application could interact with this API without triggering any alerts. Google Play will likely not flag it as malicious. It’s hard to believe that any antivirus would flag this threat. Additionally, the permission required to perform this is requested by millions of applications, so it wouldn’t tip the user off that something is wrong.”
This means that neither the Google Play store nor any antivirus application will be able to detect the malicious nature of the attacker’s application.
The FireEye team has also answered a frequently asked question about this issue: are only Android devices affected? This is what they wrote in their blog post: “Since this is an open-source software package developed and made freely available by Qualcomm, people are using the code for a variety of projects, including Cyanogenmod (a fork of Android). The vulnerable APIs have been observed in a Git repository from 2011, indicating that someone was using this code at that time. This will make it particularly difficult to patch all affected devices, if not impossible.”
Qualcomm has released a patch for this vulnerability, but it is expected that not all devices can ever be patched, so a lot of devices may remain prone to attack.