Qualcomm Bug Threatens Millions of Android Devices


A five-year-old bug allows attackers to take control of Android phones

FireEye, a cybersecurity firm, has found a flaw in Android devices running Qualcomm chips. The vulnerability has existed in Android devices for the last five years, and it affects devices with Qualcomm processors running Android 4.3 and older Android systems. Devices running newer versions of Android take advantage of SEAndroid, but FireEye says they are still affected to some extent.

According to a FireEye blog post, “This vulnerability allows a seemingly benign application to access sensitive user data, including SMS and call history, and the ability to perform potentially sensitive actions, such as changing system settings or disabling the lock screen.”

FireEye informed Qualcomm of the bug in January, and Qualcomm released a fix by April, making it available to all vendors. Google pushed the fix to Nexus devices in May. Although Google secured its own Nexus devices, the company has no control over the rest of the Android ecosystem. Carriers and Android hardware vendors control software updates on their own Android devices, and users of these devices will remain vulnerable unless these companies update the software.


Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=