Who’s Affected by Snapdragon Vulnerabilities?

Hello everybody,

Qualcomm Snapdragon SoCs (systems on a chip) power more than a billion smart devices in use today. Most Snapdragon modems and processors have been found to have security flaws that could allow an attacker to gain root access.

Vulnerabilities that affect Android devices powered by Snapdragon have recently been discovered and fixed by Google. These vulnerabilities, if exploited, could give root access on the target device simply by running a malicious app. Due to the fragmented nature of vulnerability patching in the mobile and Internet of Things (IoT) space, there’s a chance that users may never receive the security update.

These types of vulnerabilities are continuing to become a big problem.

CVE-2016-0819 – This vulnerability is a logic bug in the way an object within the kernel is freed: a node is deleted twice before it is freed. This causes an information leak and a use-after-free (UAF) issue in Android. (UAF issues are well known for being at the heart of exploits, particularly in Internet Explorer.)

CVE-2016-0805 – This vulnerability lies in the function get_krait_evtinfo (Krait refers to the processor core used by several Snapdragon processors) and can be used as one stage of a multi-step exploit. The function returns an index into an array, but its inputs are not sufficiently validated. As a result, when the array krait_functions is accessed by the functions krait_clearpmu and krait_evt_setup, an out-of-bounds access occurs.

Together, these two vulnerabilities can allow an attacker to gain root access on a Snapdragon-powered Android device via a malicious app on the device. To prevent further attacks that may target either the patched vulnerabilities or similar ones that have yet to be discovered, the full details of this attack have not been disclosed.

On most smartphones the system call perf_event_open (which is used by this attack) is accessible to apps, but vendors may heavily customize the kernel and SELinux policies of their devices, so it is difficult to identify all devices that may be affected.

Google’s February security bulletin shows that CVE-2016-0805 affects Android versions from earlier than 4.4.4 up to 6.0.1. Of the tested devices, the Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Note Edge were found to be vulnerable.

Any Snapdragon-powered Android device with a 3.10-series kernel is potentially at risk of this attack. The attacker must first get malicious code onto the device, however, so users should be very careful about installing apps from untrusted sources.

It is recommended that Android users check for an update to fix these flaws.
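As an added triage helper (not part of the original post or of Google's tooling), the script below applies the at-risk profile described above to a device: a 3.10-series kernel combined with a security patch level older than Google's February 2016 bulletin. The cut-off date `2016-02-01` is an assumption for this illustration, and the check is a coarse heuristic, since it cannot see vendor kernel or SELinux customizations.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies an Android device as
# at risk of the Snapdragon perf_event issues described above, based on the
# kernel series and the build's security patch level.
# ro.build.version.security_patch only exists on Android 6.0 and newer, so an
# empty or malformed value is reported as unknown rather than treated as safe.

FIX_PATCH_LEVEL="2016-02-01"   # assumed: first patch level carrying the February 2016 fixes

# snapdragon_risk <kernel release string> <security patch level, may be empty>
# Prints one of: not-3.10-kernel, patched, at-risk, unknown-patch-level
snapdragon_risk() {
    kernel="$1"
    patch="$2"
    case "$kernel" in
        3.10|3.10.*) ;;                         # the kernel series named in the post
        *) echo "not-3.10-kernel"; return 0 ;;
    esac
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;   # expected YYYY-MM-DD form
        *) echo "unknown-patch-level"; return 0 ;;        # empty on pre-6.0 builds
    esac
    # Drop the dashes so the dates compare as plain integers (YYYYMMDD).
    have=$(printf '%s' "$patch" | tr -d '-')
    need=$(printf '%s' "$FIX_PATCH_LEVEL" | tr -d '-')
    if [ "$have" -lt "$need" ]; then
        echo "at-risk"
    else
        echo "patched"
    fi
}

# Query an attached device over adb when one is present; otherwise run the
# classifier over constructed sample values (not captured from real devices).
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    kernel=$(adb shell uname -r | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    echo "device: kernel=$kernel patch=$patch -> $(snapdragon_risk "$kernel" "$patch")"
else
    echo "3.10.40-g1234567 / 2016-01-01 -> $(snapdragon_risk 3.10.40-g1234567 2016-01-01)"
    echo "3.10.49 / 2016-02-01          -> $(snapdragon_risk 3.10.49 2016-02-01)"
    echo "3.10.40 / (none)              -> $(snapdragon_risk 3.10.40 '')"
    echo "3.4.0 / 2015-12-01            -> $(snapdragon_risk 3.4.0 2015-12-01)"
fi
```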

Source: Akati
