Mobile Chip Flaw Puts 60% of Android Devices At Risk of Being Hijacked

Despite the dominant market position Android holds in the mobile ecosystem, there are a fair amount of security flaws to worry about. One of the more recent vulnerabilities exposes as many as 60% of all Android devices in circulation, as Qualcomm’s mobile processor contains a worrisome flaw.

Combined Security Flaws Puts Android Users At Risk

TheMerkle_Mobile Vulnerability Android

What this particular Qualcomm mobile process vulnerability does is allow hackers to remotely take control over a targeted device assuming they can exploit a media server security hole at the same time.  While there are certain conditions to be met, as many as 60% of all Android device in the world are at risk of this attack. Unfortunately, this exploit can be used on all versions of the Android operating system, which is rather uncommon.

Although there are so many Android devices put at risk because of this exploit, the risk of getting exploited is relatively small. Attackers would have to distribute attack code through a malicious application, which has to be downloaded by users. This should limit the number of actual victims by a significant margin, as pulling off this exploit relies on factors beyond the control of the assailants.

Google issued a security patch for this same vulnerability, yet only deployed it to Nexus and OEM devices. However, a lot of carriers never sent this update to their customers since January of this year, which once again points out how fractured the mobile ecosystem is. Carriers have a responsibility to issue these patches to customers globally, yet it can take anywhere from one day to several months before this happens.

At the same time, there are a lot of Android phones in circulation which will no longer receive official updates. Once again, this decision is made by the manufacturer, and not Google themselves. Duo researchers indicate close to 27% of all devices fall into this category, which makes them vulnerable to this exploit.

For users who do not receive official Android updates from their manufacturer anymore, the only solution is restricting access to third-party apps whenever possible, Mobile device management solutions is also an option, albeit it is not something most people may want to use. Flashing a custom ROM which does contain this update may be worth exploring as well for more tech-savvy users.

Source: Threatpost

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.