Posted on August 10, 2016 by staff

Android vulnerabilities ‘expose firms to cyber attacks’


Businesses have been warned that a security flaw in Android devices exposes them to cyber attacks.

According to security researchers who reverse-engineered Qualcomm chips, around 900 million devices are vulnerable due to four vulnerabilities in software drivers.

The vulnerabilities can be exploited by attackers who might use a malicious app to trigger privilege escalations and gain root access to the device.

The researchers said the app would require no special permissions to take advantage of the vulnerabilities, so it would not arouse suspicion.

Adam Donenfeld, senior security researcher at Check Point, said: “During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.”

There are already fears that the tech skills shortage will leave companies exposed to hackers.

Donenfeld believes gaining access to an Android smartphone or tablet allows attackers to take complete control of the device.

They then have the power to change or remove system-level files, delete or add apps and access the device’s screen, camera, microphone or data.

Ed Macnair, chief executive officer at security firm CensorNet, said: “Given that BYOD [bring your own device] is now commonplace, a vulnerability in mobile hardware on this scale could be a huge risk to enterprises.

“By having root access to the primary device that many people use on a daily basis for business operations, a hacker basically becomes a superuser.

“Having unfettered access to company systems is a few relatively simple steps away.”

Qualcomm released a statement following the publication of the report.

“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies,” it read.

“We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July.

“The patches were also posted on CodeAurora.

“QTI continues to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities.”
