Critical QSEE vulnerability through fake Android apps could allowing hackers access to your device
Businesses using Android-powered smartphones are being urged to review their security practices after researchers warned of an unpatched vulnerability that could impact as many as 60 percent of devices running the operating system.
A flaw in software used by chipmaker Qualcomm is the cause of the concern and could have wide-ranging effects given its chips are used in as many as 80 percent of Android smartphones, including handsets made by Samsung, HTC, Sony and others.
The vulnerability is found within the Qualcomm Secure Execution Environment (QSEE) software, according to researchers Duo, with the flaw shared to other devices via malicious apps that manage to sneak past Google’s stringent Play Store regulations.
Once installed, the malicious app would allow hackers complete control over an entire device but using it to hoodwink the on-board security protections.
Google’s own monthly Android updates, particularly the one released in January 2016, should be enough to conquer the flaw, but Duo warns that many companies have been too slow to provide this update to their workers. The firm’s research revealed that 27 percent of Android phones are too old to receive the monthly updates, with many not even updated to Android 4.4.4 or later.
It is also suggesting that device manufacturers and network carriers speed up the development and rollout of patches for affected devices.
Google first began issuing regular monthly security and software updates to Android devices last August, although the company’s own-brand Nexus devices receive preferential treatment. Last month, Google said that it now checks over six billion installed apps on 400 million devices every day, with over one billion devices worldwide now protected by its security services.