
Lingering Android flaw exposes SMS

Android devices are vulnerable to attack owing to a newly discovered bug that permits local privilege escalation to the device's “radio,” according to FireEye.

The flaw could enable attackers to get a look at a victim's SMS database and phone history – without any performance impact, so users are unaware of the intrusion. The flaw affects older devices more than newer versions.

Mandiant's Red Team discovered the vulnerability in a software package maintained by Qualcomm. 

The defect debuted when Qualcomm, as part of its "network_manager" system service, delivered new APIs to extend tethering options. 

It's possible that hundreds of models are at risk as Qualcomm chips and code are widely used on Android devices and the code has been circulating for five years.

Qualcomm has issued patches and alerted customers, but as OEMs must provide updates, many devices are likely not going to be patched.
