This article is more than 1 year old

Android hijack bug in detail

Infosec biz FireEye has drilled into a security bug in Qualcomm's netd code that puts millions of Android devices at risk of hijacking by malicious apps.

On May 2, Google pushed out a bunch of patches for its mobile operating system. As we reported, one of those fixes addresses a flaw labelled CVE-2016-2060, which can be exploited by installed apps to gain the privileges of the radio user – granting access to the SMS and phone call databases, and other information.

Your device must be running Qualcomm's modified netd to be vulnerable; gadgets shipped with Qualcomm chips are likely to include the software. It's yet another local privilege escalation, but FireEye has sunk some technical analysis into it, so if you're interested in reverse engineering and secure programming, take a look. ®

More about

TIP US OFF

Send us news