Skip to main content

Android bug spotted, 900m devices at risk

A bug was found in Android smartphones powered by Qualcomm processors, which could allow hackers to access the device. Security researchers which found the bug have said some 900 million devices might be at risk.

The bug was discovered by security experts at Checkpoint, which also said the bug is probably not yet exploited by malicious actors, but very well might be, in the weeks and months to come.

"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head of mobility product management at Checkpoint, according to the BBC. "It's always a race as to who finds the bug first, whether it's the good guys or the bad."

The bugs are located in graphics-handling software, as well as in the code controlling communications between various proceses within the device.

BlackBerry Priv and Dtek50, Blackphone 1 and Blackphone 2, Google Nexus 5X, Nexus 6 and Nexus 6P, HTC One, HTC M9 and HTC 10, LG G4, LG G5, and LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2 and OnePlus 3, Samsung Galaxy S7 and S7 Edge (US version), as well as the Sony Xperia Z Ultra, are among the affected devices.

The bug was revealed after reverse-engineering Qualcomm's code, which took six months.

"People should call whoever sold them their phone, their operator or the manufacturer, and beg them for the patches," said Mr Shaulov. Qualcomm is yet to comment.

Such a vulnerability can allow a hacker to become a 'superuser', says Ed Macnair, CEO at cloud security organisation CensorNet.

"Having unfettered access to company systems is a few relatively simple steps away."

"Often, ignorance is bliss for IT security teams with regards to the scale and seriousness of the BYOD problem. People need to wake up and monitor all devices running on their networks and what data they are trying to access and share. Only by doing this, can the risk be negated."

Photo Credit: fatmawati achmad zaenuri/Shutterstock

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.