Qualcomm Puts 60% Of Android Devices At Risk
However, one of the unfinished business of Android is the distribution of these security patches, which sometimes can not reach 3 out of 5 users, leaving them exposed to possible attacks. An example of this problem with Android updates can see the vulnerability Qualcomm QSEE, a vulnerability that has already been settled by Google more than four months ago, but a recent analysis of its state of it shows how the number of updated devices that have solved the vulnerability is very small and, globally, more than 60% of the devices are vulnerable to this security flaw. Qualcomm Secure Execution Environment (QSEE “CVE-2015-6639”) is a security flaw that allows an elevation of privileges in the operating system of Google, specifically in the TrustZone, a special kernel space used by Qualcomm processors, from which an attacker even can manage to get root access on the device. As this vulnerability alone is harmless, attackers often exploit this flaw by one of the known vulnerabilities in the Android media server to take control of the devices. Therefore, at least a vulnerability in the mediaserver of the Android operating system was cataloged as critical. In addition to the inherent dangers of vulnerability, the most worrying part is the ease with which it can be exploited since, as explained, all an attacker needs to do is trick a user into installing an application, which will use two exploits and, within seconds, the attacker will gain the full control over the device. By having full control over the device, the infection will be permanent, and the only way to get rid of it, the user to flash the ROM of the device from scratch. As we said, the tech giant Google discovered and fixed the vulnerability 4 months ago; however, more than half of Android smartphone users are potentially vulnerable to it. This is because, although the update has already reached users, the manufacturers have not updated their devices and probably do not, thus returning to the fragmentation issue. So, if we want to protect ourselves from the vulnerability should, then we should avoid using smartphones with Qualcomm processors, or if we have one, then we have to install a ROM that includes the patch updates of Android, such as CyanogenMod. Hence, after doing this process attacker can not use the vulnerability (QSEE “CVE-2015-6639”) to gain full control of our device. Anyway, even if we have the latest version of Android, we may continue, but it will be best to avoid installing applications that are not trusted to prevent the new exploit.