Some phones powered by Qualcomm processors shipped with a major flaw that puts them at risk. This flaw, if exploited, reveals call history and text messages. It was detected by researchers from a security company called FireEye, and Qualcomm reportedly fixed it earlier in March.
However, since this flaw started shipping with devices five years ago, it’s very unlikely that affected devices will get the patch as many of these devices may no longer be supported by manufacturers.
Qualcomm modified an Android component called “netd” to improve tethering, thereby creating this vulnerability. The flaw can be used by malicious applications to access personal information on affected devices. It is estimated that this flaw affects hundreds of handset models and judging by the number of devices in the market right now, millions of Android devices are at risk.
To access the API exposed by this Qualcomm flaw, a device doesn’t even need to be rooted. All it takes is for an application to have the widely used “ACCESS_NETWORK_STATE” permission.
It should be noted that attackers are not yet exploiting this flaw. As mentioned earlier, Qualcomm has issued a fix to OEMs, but unfortunately a lot of affected devices will never be patched.