The security of Android has always caused doubts. Despite the fact that in recent years, Google releases monthly security patches first, receive them not all, and, secondly, they are focused only on the correction of system bugs and vulnerabilities, without affecting those that lurk in the firmware of the processors. And yet, they are the most dangerous because cover a lot more devices, and corrected noticeably slower, requiring a special approach. The examples are not far to seek.
The Qualcomm processor found a series of several critical vulnerabilities that affect about 40% of all Android devices in the world. They lurk in the partitions used for audio processing and digital images. With their help, attackers can create undetectable malware capable of spying on users of vulnerable machines to copy and upload their private data to remote servers and actually manage them independently of the will of the owners.
Vulnerabilities in Qualcomm processor
The vulnerability in question can be found in almost any smartphone on the planet, running Android. Price category, brand and model do not matter. Gaps found in Google, LG, Samsung, Xiaomi, OnePlus, and other manufacturers. But the iPhone is invulnerable, because they work on processors built on the same architecture as the Qualcomm decision, they describe the deficiencies were corrected. Therefore their owners is not in danger, said experts from Check Point who discovered the vulnerability.
According to representatives of Qualcomm, they already know about the existence of vulnerabilities in its processors and fixed 6 of them. Moreover, the company has no evidence that hackers or exploited vulnerabilities. This gives reason to believe that updates with bug fixes was released before the attackers could get to know about the possibility of hack of most modern smartphones. However, without problems is still not done.
How to protect Android from cracking
Due to the fact that Qualcomm does not have the ability to propagate updates among devices that run on its own processors, and their output for each of the vulnerable devices depends on the efficiency of their manufacturers. The fact that they will have received the source code updates, in a special way to adapt them to their smartphones and tablets to avoid conflict with the standard mechanisms of corporate shells. And because it takes time, not to mention the fact that many vendors do not even bother with adapting the patches, obviously, the updates have made it far not to all users.
In this case Qualcomm has prepared some practical advice that will avoid the device malware is able to exploit the discovered vulnerabilities:
- Enable autorefresh and not to ignore any update that is sent to the mobile – they may contain fixes for critical bugs and vulnerabilities to ensure the protection of personal data.
- Download software only from Google Play and avoid the use of alternative application directory, because the test procedure from Google, though not perfect, but still minimizes the probability of intrusion of malicious SOFTWARE.
- Not give applications any permissions to the right and left, even if they claim they send notification that they will not be able to function normally. In this case it is better to treat the request critically and to think, why would a calculator need access to SMS.
Frankly, the safest themselves in this situation can feel the owners of smartphones Samsung, OnePlus, Google Pixel and partially Xiaomi. The fact that these manufacturers most responsible approach to the adaptation process monthly security updates, trying to release them as in a timely manner, so as not to expose the user to risk of hacking. The rest, unfortunately, with promptness and care about customers, things are frankly so-so.