A new bug found in Qualcomm-powered phones has put at least half a billion Android phones at risk. The bug, which was found by FireEye, allows low-privileged apps to gain access to your personal data.
The vulnerability, tracked as CVE-2016-2060, was first introduced in 2011 when Qualcomm added APIs for the network_manager system service, involving the affected netd daemon interface. The feature brought tethering abilities. The flaw allows an attacker to gain entry either via physical means or through malicious code. Such a situation would also go undetected by Google Play's authorization, as it won't go deep enough to find malicious code in the API.
The bug was first discovered in January and was patched by Qualcomm in March, yet it continues to affect Android phones running versions between 4.3 Jelly Bean and 5.1.x Lollipop. That totals more than 500 million phones, though phones running KitKat and above are slightly less likely to be affected since they come with Security Enhancements for Android (SEAndroid) by default.
What can be done through the flaw includes accessing the call history and text messages, changing system settings and disabling the lock screen. Being vulnerable also requires having a Qualcomm SoC in your phone, which can be confirmed either by checking the specifications or by installing an app from the Play Store.
There isn't a particular fix for this issue for now, but it wouldn't hurt to install your apps only from authorized locations and to install an antivirus program for added security.