Millions of Android phones with Qualcomm chips are at risk: How to protect yourself

wireless emergency alert augmentation smartphone user
Tatsiana Yuralaits/123RF
A new widespread vulnerability that affects millions of Android devices around the world could allow hackers to read your SMS text messages, phone records, and perform any capabilities the radio allows.

What’s even worse is the fact that victims will have no idea if they have been hacked, and most of the affected devices won’t be patched.

Here’s a full breakdown of the hack, which phones it affects, and what you can do to protect yourself.

How it works

This hack involves the netd daemon, which is the network interface in Android. The problem arose when Qualcomm released new Application Program Interfaces (APIs) as part of the network_manager system service, which also involved the netd daemon. These APIs allowed additional tethering capabilities.

It’s not clear when exactly Qualcomm released these APIs, but it was discovered in January by Mandiant’s Red Team that the “netd service does not properly validate the interface name when a new upstream interface is added.”  Hackers could then use this invalid name for further system commands.

This vulnerability is labeled as CVE-2016-2060 with a medium risk. FireEye, a cyber security company, worked with Qualcomm to detail the vulnerability in a detailed blog post.

A hacker could exploit you with this vulnerability by having physical access to your device or by adding code to a malicious application that you install. The former would be the most unlikely situation, since the hacker would need to steal your device, and it would need to be unlocked. The latter is more likely, since millions of devices could be targeted remotely.

Unfortunately, a malicious application could interact with the API without your knowledge. You wouldn’t get any alerts and your device won’t run any slower. To make matters worse, Google Play might not flag these apps as malicious, since it would be impossible for Google’s security scanner to detect that such an app would be accessing the API for malicious reasons.

Affected devices

According to FireEye, devices dating back to Android Gingerbread are affected, but newer versions of Android aren’t. If your device is running Gingerbread, Ice Cream Sandwich, Jelly Bean, KitKat, or Lollipop, you’re likely affected if your phone has a Qualcomm processor.

According to the most recent Android distribution numbers (posted May 2, 2016), 92.4 percent of all devices have these versions of Android. However, not all of these devices have a Qualcomm processor. It’s unknown how many of them do, but it’s a safe bet that at least a half of them sport a Qualcomm chip, since it’s a popular processor. That would mean close to 50 percent of Android devices are affected or more than 500 million.

Qualcomm issues an update patch, but most users won’t get it

FireEye worked with Qualcomm starting in January 2016, which resulted in a fix by March 2016. FireEye said Qualcomm “was extremely responsive throughout the entire process” and achieved the 90 day window set to issue a fix.

Qualcomm sent the update to all manufacturers so that they can update their devices, but unfortunately, most people won’t get it since manufacturers generally stop updates within a year or two of a device’s existence.

Protecting yourself

The first thing you need to do is find out what version of Android your device is running. Head into Settings and tap on About Phone. Look under Android Version, and note the number. If it’s 5.1.x or below, you’re affected if your phone has a Qualcomm processor.

You can easily find out if you have a Qualcomm processor by installing CPU-Z from Google Play. Open the app, and it will tell you the make and model of your processor within a few seconds.

If your phone is affected, there isn’t much you can do to fully protect yourself if you continue to use your device. The best method would be to buy a newer phone that is running Android 6.0 Marshmallow, since it won’t be affected by this vulnerability.

We understand that buying a new phone might not be feasible at this time, so there are a few things you can do to lessen your chances of getting hacked, but understand there is no way to fully defend yourself other than buying a newer device.

  1. Never download third-party apps and sideload them.
  2. Pay attention to the apps you download from Google Play. If you stick with popular apps that are highly rated, you will lessen your chances of getting hacked.
  3. Download an antivirus app from Google Play such as Lookout Security and Antivirus. FireEye admits that apps like this probably won’t detect the vulnerability, but it’s not a bad idea to install one since that could change, not to mention, it might help you with other security threats.

Note: The FireEye Mobile Security app will detect the Qualcomm vulnerability, but it’s only for enterprise customers. If you have a corporate phone, check with your administrator to find out if your company subscribes to the service.

The good news is that FireEye has been monitoring the use of the API, and hasn’t found any occurrences of it being exploited. However, that could change as hackers learn of the flaw.

Looking at the big picture, it’s still more unlikely than likely that you will fall victim to an attack, but there’s always a chance no matter how small that is. If you follow the simple steps above, you will lessen your chances even more.

Android

The dramatic BlackBerry Key2 Red Edition is now available in the U.S.

BlackBerry's Key2 is likely to be the best keyboard-equipped phone in 2019, with a modern look, some powerful specs, and totally revamped features. Here's everything you need to know about it.
Mobile

Samsung Galaxy S10 update gives manual control of Bright Night mode

Samsung 2019 flagship smartphone lineup is here, and there aren't just two phones as usual — there are four. There's the Galaxy S10, S10 Plus, as well as a new entry called the S10e, as well as the Galaxy S10 5G.
Mobile

The OnePlus 3 & 3T both receive an open beta for Android Pie

Android 9.0 Pie has been released. But is your phone getting Android 9.0 Pie, and if so, when? We've done the hard work and asked every device manufacturer to see when their devices would be getting the update.
Mobile

The black satin Razer Phone 2 is now available for $500

The Razer Phone 2 is finally here, and it's got upgraded specs, that super-smooth 120Hz display, and an updated design. Here's absolutely everything you need to know about the Razer Phone 2.
Digital Trends Live

Digital Trends Live: Samsung Galaxy Fold woes, zombie pigs, and more

Today's topics: Samsung Galaxy Fold, Facebook A.I. voice assistants, YouTube comes to Fire TV, facial recognition on airline flights, the SpaceX DART program, Yale's zombie pigs, and much more!
Deals

The excellent Moto G6 is just $99 from Google Fi for a limited time

Getting a cheap smartphone can be a great way to squeeze value out of your dollars. Motorola's Moto G-range has always been good value, but never better than this: Get the Moto G6 for just $99 from Google Fi.
Product Review

The Xperia 10 Plus feels great in your hand, but you'll still want to put it down

There has never been a better time to buy a smartphone with an unusual design, and one of the cheaper models out there vying for your attention is the Sony Xperia 10 Plus, with its 21:9 aspect ratio screen.
Mobile

Keep your huge phone beautiful with the best iPhone XS Max cases

Apple's iPhone XS Max might be the best large phone the company has ever released. But a bigger OLED display and body means there's more glass to crack. Keep your massive phone safe with the best iPhone XS Max cases.
Deals

Apple iPads and iPad Pros get price cuts up to $150 on Amazon

In the market for a new iPad? Now might be the time to buy -- Amazon has discounted a range of iPad models, including the 10.5-inch, 11-inch, and 12.9-inch iPad Pro models, plus the standard iPad.
Deals

Ultra Wideband is here, and you can use it with the 5G Moto Mod (and save $150)

5G is rolling out in the U.S., and Motorola’s Moto Z3 is one of the few phones that can use it. Select people can take advantage of Verizon’s 5G service and enjoy a $150 discount with the purchase of a Moto Z3 and 5G Moto Mod bundle.
Deals

The best Amazon Prime Day 2019 deals: Everything you need to know

Amazon Prime Day 2019 is still a few months off, but it's never too early to start preparing. We've been taking a look at the best discounts from previous Prime Days to give you our predictions of what to expect this year.
Mobile

The 15 most stylish iPhone docks and charging stands for your device

The right iPhone dock does more than just hold your phone. If you’re looking for the perfect dock for your bedroom, or one to sit discretely on your office desk, there’s a good chance you’ll find it here.
Trash

How to save yourself money by buying a refurbished iPhone

There’s a lot to consider when you’re looking for a new iPhone, and it can be very expensive. Save yourself some heartache and some money with our guide on how to buy a refurbished iPhone.
Mobile

BlackBerry Messenger to shut down in May, be replaced by enterprise version

BlackBerry Messenger for consumers will shut down at the end of May, nearly six years after it was launched. The app is going back to its roots, in a way, as it is being replaced by the much simpler BlackBerry Messenger Enterprise.