• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Cookie Policy (US)
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Qualcomm software flaw lets hackers access your SMS and phone history

Updated on May 6, 2016 by Guest Authors

If you are using handsets that run the older versions of the Android operating system, beware because your SMS and call logs are no longer exclusively visible to you alone.

Security researchers at FireEye have disclosed a five-year-old Android flaw that allows third-party prying eyes to view your text messages and recent calls without you knowing it. The old vulnerability most affects Android versions as old as the Jelly Bean 4.3 while newer Android versions that feature the Security Enhanced Linux run lesser risks.

qualcomm-flaw

Exploiting the vulnerability gives attackers heightened privileges into a device, which is why they can view SMS and phone history logs. According to the researchers, the flaw lies in a software that Qualcomm maintains within the Code Aurora Forum.

Although the infected software received a fix already, it would be practically impractical to roll out the patch to all Android devices because of the wide diversity of original equipment manufacturers. That means most older Android handsets are not likely to get the fix to the flaw. After all, it is a five-year-old vulnerability, and counting the number of Android devices affected by it seems an arduous task already.

Fortunately, the security researchers at least assured that there has been no known public exploit so far, though that is not a cause for complacency. The security flaw was born out of Qualcomm’s omission for the need to assess the inputs versus the Android netd daemon’s interface parameter, which is part of the Android Open Source Project.

The flaw specifically emerged when Qualcomm introduced a new application programming interface within the network_manager system service, leading to the “netd” daemon. This is intended to add more tethering capabilities to the Android devices. Qualcomm changed the “netd” daemon to plug the security hole.

It has yet to be established how far-reaching the scope of the flaw is. The only thing that’s sure for now is that Qualcomm chips are present in almost all Android devices we know so far such as the Samsung Galaxy handsets, HTC, LG, and Nexus.

Attackers have to have physical access to a handset in order to take advantage of the flaw. Alternatively, loading the exploit onto legit applications and have the user install those applications will also provide the attackers escalated privileges to a device. So beware with what you download even from major app stores such as Google Play Store and Apple App Store. Although the latest Android handsets are less susceptible to the threat, FireEye warns that malicious apps have the capability to change some Android system properties.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Footer

EPOMAKER CIDOO V65 V2 Wireless Mechanical Keyboard Review

VTOMAN FlashSpeed 1500 Portable Power Station Review

OKP L1 Robot Vacuum Cleaner Review – Affordable Robot with LiDAR Navigation

KEF LS50 Bookshelf Speakers Review: A Sound Decision Over the LS50 Meta

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • EPOMAKER CIDOO V65 V2 Wireless Mechanical Keyboard Review
  • Azulle’s BYTE4: Customization at Its Finest With 3 Stellar Add-on Modules
  • VTOMAN FlashSpeed 1500 Portable Power Station Review
  • OpenRock S Review – Revolutionizing the World of Earbuds

Copyright © 2023 · All Rights Reserved

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}