Qualcomm Security Flaw Letting Others Read Your Messages
Gareth Andrews / 9 years ago
When it comes to privacy we all like the idea that we can keep some secrets to ourselves. If you write it down in your diary you often have to worry about others reading it, so some decide to share their secrets via their mobile phone with friends. Sadly it would appear that a security bug in Qualcomm’s mobile chipset has allowed people to read your messages and more since 2011!
The security firm FireEye has revealed that a flaw found in Android 4.3 and earlier versions allow apps with low privileges to access your sensitive data in ways you never gave them permission to do. The security flaw (CVE-2016-2060) was introduced when chipmaker Qualcomm created and released the interfaces known as “network_manager” and the “netd” daemon.
The security flaw means that an app that doesn’t ask for any permissions could access everything from your text messages and call history or even disable the lock screen or change your system settings. FireEye state that while “newer devices utilizing SEAndroid are still affected, but to a lesser extent.”
While the problem was fixed in a security patch on May 1st this year, some people may never be able to get the latest patch thanks to restrictions by phone manufacturers or mobile carriers. With such a large flaw potentially going unfixed in so many devices (it’s estimated that 34 percent of users are running version 4.3 or earlier), Qualcomm could be exposing thousands of users data to malicious apps with little hope for those affected to update and protect themselves.