SecurityBrief Australia

'The Red Team' discovers widespread Android vulnerability

A new, widespread Android vulnerability has been identified by FireEye and Mandiant, the consultancy arm of the company.

According to a new report, Mandiant’s Red Team discovered that the vulnerability permits local privilege escalation to the built-in user ‘radio’, so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history.

According to the Red Team, the vulnerability was introduced when Qualcomm provided new APIs as part of the 'network_manager' system service, and subsequently the 'netd' daemon, that allow additional tethering capabilities, possibly among other things.

Since many flagship and non-flagship devices use Qualcomm chips and/or Qualcomm code, it is possible that hundreds of models are affected across the last five years, the team says.

Qualcomm has addressed the issue by patching the 'netd' daemon. Qualcomm notified their customers (all of the OEMs) in early March 2016. The OEMs will now need to provide updates for their devices; however, many devices will likely never be patched, the Red Team says.

There are two ways to exploit this vulnerability, though this does not account for a determined attacker who possesses additional vulnerabilities. The first is to have physical access to an unlocked device, and the second is to have a user install a malicious application on the device.

On older devices, the malicious application can extract the SMS database and phone call database, access the internet, and perform any other actions permitted to the 'radio' user. Some examples of potential capabilities of the 'radio' user are presented in the blog itself, though it was difficult for all of these to be tested, according to the report.

The impact of the vulnerability depends entirely on how the OEM is using the system property subsystem, the Red Team says. It should be noted that once the vulnerability is exploited, there is no indication to the user that something has happened. For example, there is no performance impact or risk of crashing the device.

Since this is an open-source software package developed and made freely available by Qualcomm, people are using the code for a variety of projects, including CyanogenMod (a fork of Android). The vulnerable APIs have been observed in a Git repository from 2011, indicating that someone was using this code at that time. This will make it particularly difficult to patch all affected devices, if not impossible, the Red Team concludes.
