"The vulnerability was introduced when Qualcomm provided new APIs as part of the 'network_manager' system service, and subsequently the 'netd' daemon, that allow additional tethering capabilities, possibly among other things. I would say that there is probably a large portion of devices on the market that are vulnerable." The issue affects both flagship and non-flagship devices that use Qualcomm chips and/or Qualcomm code, meaning that hundreds of models, and likely millions of devices, are affected.
"The patch for this issue is not in AOSP. Qualcomm had modified the 'netd' daemon," Mandiant said in an advisory. "People are using the code for a variety of projects, including Cyanogenmod (a fork of Android)," the researchers noted. Handset makers have to include the patch in their updates, then work with the cellular carriers to actually deliver the software to individual devices. In layman's terms, the manufacturers themselves probably don't know for sure all devices that are affected... A Google representative said Nexus devices were never affected. We are not aware of any exploitation of this vulnerability. Mandiant says the flaw can be exploited either by a hacker physically unlocking an unprotected device, or by the user installing a malicious application.
"Additionally, the permission required to perform this is requested by millions of applications, so it wouldn't tip the user off that something is wrong." "It's hard to believe that any antivirus would flag this threat," Mandiant wrote in a blog post. Android is no stranger to cybercrime attacks, and Google has to continually extend and improve its security to keep users safe. In this case, the app would be able to execute commands as the "radio" user, which means it has access to other system resources, such as Phone and Telephony Providers, and to system settings such as WRITE_SETTINGS_SECURE (change key system settings), BLUETOOTH_ADMIN (discover and pair Bluetooth devices), WRITE_APN_SETTINGS (change APN settings), and DISABLE_KEYGUARD (disable lock screen).
Android Gingerbread (2.3.x), Ice Cream Sandwich MR1 (4.0.3), Jelly Bean MR2 (4.3), KitKat (4.4), and Lollipop (5.0) are all vulnerable to some degree. The vulnerability, identified as CVE-2016-2060, exists in a software package maintained by Qualcomm and, if exploited, can grant the attacker access to the victim's SMS database, phone history, and more. "There is no performance impact or risk of crashing the device," the report added. The vulnerability seems to affect all Android devices with Qualcomm chips and/or Qualcomm code.