Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Data of Android Users is Under Threat, Just Because Of Qualcomm Software!

 

Qualcomm Software has been used by Mobile Companies. A serious information disclosure vulnerability has been found by security researchers of FireEye in this Qualcomm Software Package. By exploiting this vulnerability, hackers could also exploit many other vulnerabilities for stealing data of users by doing malicious attacks. An update has been released by Google to patch this vulnerability but still 70% users are using old version of this software. This vulnerability now has been registered with CVE-2016-2060.

 

Response of Google over it?

Google has released an update to fix this issue. This vulnerability has been discovered by the security researchers of FireEye and according to them, this a “High Risk” vulnerability because hackers and cybercriminals could steal data of infected users. On the other hand, Google is saying that this vulnerability is not as much dangerous as researchers of FireEye are saying. This vulnerability is not related to AOSP (Android Open Source Project), therefore not all android users are infected with this. Latest release of update is only for infected devices and users could update their device drivers to fix this security issue.This is not a latest vulnerability. In the first month of this year, Researchers of FireEye discovered it and later they informed Qualcomm about this. After security investigation or software testing, Qualcomm fixed this security issue in March. This vulnerability was present in Qualcomm’s Open Source software package. This Open Software of Qualcomm is related to Android network daemon.  

 

Also read: Hackers are Spending Too Many Dollars to Create Dangerous Mobile Malwares!

 

Which Android devices are infected?

All the Android devices, which are using Android Lollipop version 5.0 and it’s earlier version are infected. CyanogenMod is a famous project and its developers are using Qualcomm software package. All the API’s of Qualcomm are infected and users should update all of it as soon as possible. The Android devices which are using Android Version 4.4 are less effected. The Android devices which are using version 5.0 Lollipop, are most effected. Hackers could steal chats, detail of phone calls and other sensitive data from infected devices. The latest devices are less infected. The percentage of latest infected devices is not more than 1 percent.

 

How Hackers Could Exploit this Vulnerability?

The “Radio” in Android devices could help the hackers to steal user’s information and data. This is a built is function of Android Devices, which have some special type of privileges. These privileges are different from the privileges of all the other Applications. Hackers could take “ACCESS_NETWORK_STATE” permission by doing a malicious attack on the Qualcomm software. Hackers could develop special type of applications which have permissions like Radio and then they could use the API’s of Qualcomm.

 

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.