900 million Android devices vulnerable to hackers

900 million smartphones and tablets running Google’s Android software are vulnerable to attack from malicious apps according to cyber security firm Check Point.

The firm alleges that Android devices using Qualcomm chipsets, who are the largest manufacturer of such components, have four vulnerabilities that could allow a hacker to load a malignant app that takes control of the device.

Many of most popular Android devices found on the market today use Qualcomm chipsets including:

  • BlackBerry Priv
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • Numerous devices by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

Qualcomm is the world’s leading designer of LTE chipsets with a 65 per cent share of the LTE modem baseband market.

If any one of the four vulnerabilities is exploited, an attacker could trigger privilege escalations for the purpose of gaining root access to a device.

The exploit could be triggered by loading a malicious app onto a device which could then access any of its data.

“Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier,” Check Point said.

“Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.”

It is typical for many Android manufacturers to stop developing new software patches for their devices as little as a year after their original release. Many older devices will therefore probably remain vulnerable to the exploit.

“This situation highlights the inherent risks in the Android security model,” Check Point said. “Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.”

Android has historically suffered from a number of security flaws such as last year’s Stagefright bug that allowed hackers to access millions of smartphones by simply sending a multimedia message to them.

Last month it was revealed that nearly 100,000 Android devices in the UK had been infected with a virus called HummingBad. 


Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them