Recently, it has surfaced in the news that a programming error in Qualcomm Snapdragon chipset has turned into a rootkit access for the hackers. Notably, more than a billion smartphones are based on this chipset. Also, a software patch roll out for this problem will take some time because it has to pass through a lot of hands.
Due to a severe programming blunder in Kernel level code at Qualcomm, maker of the Snapdragon chipset, attackers can gain root access and take full control of your device. Once attackers get the admin level capabilities, they can do almost anything. They can easily read, forward and even reply your mail without your permission, snoop on your personal data including accounts’ passwords, emails, messages, credit card numbers and photos.
Qualcomm’s website claims that their Qualcomm Snapdragon SoCs (systems on a chip) power more than a billion smart devices, including many Internet of Things (IoTs) as of today. Thus, this issue of a programming blunder becomes a matter of grave concern because it will affect millions of people.
Although Google, the Android maker, has rolled out updates after this issue of root access was by Trend Micro. Using this specially crafted app, a hacker would not be able to gain root access very soon. Here, the main concern is the security roll out. Since many vendors are included in this complex link, the roll out has to go through a proper chain that would look something like this:
- Qualcomm will fix this problem and release a patch to Google
- Google has to contact all the different vendors of device manufacturing like Samsung, HTC, Huawei etc.
- And using your mobile data or wifi, you then upgrade the firmware
But these simple looking steps take a lot of time on the ground.
Given that many of these devices are either no longer being patched or never received any patches in the first place, they would essentially be left in an insecure state without any patch forthcoming.
— said Trend engineer Wish Wu.
Unfortunately, a more dangerous situation is for IoT devices which are no longer in the line of security.
The affected handsets include Nexus 5X, Nexus 6P, Nexus 6, Nexus 5, Nexus 4, Nexus 7, Nexus 9, and Nexus 10 and all of the smart devices using the Qualcomm Snapdragon 800 series, including the 800, 805 and 810 and running a 3.10-version kernel. The vulnerable code is present in Android version 4 to version 6.
No comments:
Post a Comment