Vulnerable Issue present in Qualcomm Snapdragon puts more than a billion of android phone at high risk. Its chip is exploited by malicious application to gain root access on the device.
Now a days, most of the branded and exclusive designed smart devices like Xiaomi Mi4, Yu Yureka etc comes with Qualcomm Snapdragon processor worldwide. Delivers breathtaking speed, jaw-dropping graphics, ultra-fast connectivity, multitasking etc. It enables next-level user experiences. It facilitates gaming, watching videos, listening to music etc.
But recently security experts at Trend Micro are giving warning to the Android users. Due to some programming errors in Qualcomm’s kernel-level Snapdargon code, Hacked Snapdragon-based Android Phones may leads to the exploitation of information. It means that hackers can gain root access and take full control on your device.
Gaining root access on a device is serious matter to be viewed carefully. As Hacked Snapdragon-based Android Phones provides access to the admin level capabilities. On behalf of users, hacker can perform any type of task on device such as capturing pictures, snoop personal data in addition to account’s password, messages, emails and photos.
Even company’s own website demonstrate that Qualcomm Snapdragon SoCs (systems on a chip) influences more than a billion smart devices along with Internet of Things (IoTs). Hence, it is confirmed that many people are at high risk of being attacked by intrusive hackers.
Fortunately, Google has make an updates after Trend Micro privately declared issues that with an effective solution. It launches specially crafted app to prevents users from attackers to gain root access.
The security update is comprised of long chain –
Qualcomm -> Google -> Your device’s manufacture -> Your network carrier -> Your handheld over the air
The most important part of Hacked Snapdragon-based Android Phones to be worried is that same vulnerable chips are used in numerous Internet of things that don’t have security updates. As hackers can conveniently gain root access to these connected devices.
Trend’s Noah Gamer said that smartphone are not only the problem but Qualcomm also sells SoCs To vendors producing devices. In simple words, your gadgets are at high risks.
Experts predicts that if IoT is going to be widespread so there is great need of placing security to keep device safe for public use. Thus, security update is like necessity and users must aware what they are dealing with.
Due to any reason, if security updates are not available or take long time to arrive, then in both the cases, it reprobate time to produce harm by taking control over the device. In fact, those having Google handsets that gets facilities from tech giant automatically, leads to protection of devices against vulnerabilities. It may includes Nexus 5X, Nexus 6P, Nexus 7, Nexus 9 and Nexus 10.
In the recent test, it has been concluded that vulnerable code is present in Android version 4 to 6. This toxic code is called as Qualy’s code. Since researchers don’t have access on every Android handset and tablet, the full list of devices are not available.
There are number of vulnerabilities present inside Hacked Snapdragon-based Android Phones. Researchers have not disclosed all the flaws yet brief about them is given –
Qualcomm-based flaw (CVE-2016-0819) : It has been demonstrated as logic bug by the researchers which allows a small section of kernel memory to be alleviate after freed. As a consequences, information leakage and a Use after free issue in Android.
Issue (CVE-2016-0805) – This issue is present in Qualcomm chipest kernel function. The function is get_krait_evtinfo returns an index into an array used by other kernel functions. Input data is well crafted but it is possible that it generates a malicious index causing butter overflow.
Gaining root access – Preferring both destructive issues on device, attackers gain root access on the device.
Some of the reasons why you shouldn’t allow root access your smart devices –
- Security Risks – Once getting root access, you will get full control over the device. Since there some apps which require root access to work properly. This root access is double edged sword as with root access nothing is going to prevent from malicious attack. It may leads to corruption or deletion, personal information to be skimmed etc.
- Problems with updates – One major problem which takes place with root access is that it starts automatic updates to the firmware. Due to this, you can’t perform updates via Wi-Fi(OTA) and management software like Samsung KIES etc. You need to manually update the firmware on your device which is troublesome process.
- Warranty out Window – Root access is also one of the hazardous issue responsible for goodbye to warranty. Even a flash counter built into them will track firmware and installed unofficial software. There is no guarantee that Warranty department catch or not.
- All devices are different – The process used to root access on devices are differ from device to device. As some uses command prompt to gain access. There may be more chances for things getting wrong and make device unusable.
Researchers will describe full details of exactly how bug actually works at the upcoming security which is going to be held in May 2016.
Source – The Hacker News