60 Percent Of Enterprise Android Phones Are Affected By QSEE Vulnerability.
Researchers at Duo Labs have discovered that 60 percent of enterprise Android phones are affected by a vulnerability that could permit an attacker to run arbitrary code in the Qualcomm Secure Execution Environment (QSEE).
Kyle Lady, a Senior Research and Development Engineer at the company, said in a blog post that the January 2016 monthly security update is the only fix available for phones with the affected software, and that only 25 percent of the Qualcomm-based phones seen by Duo Labs have applied the update.
According to the post, to make matters worse, 27 percent of Android phones are too old to accept the monthly updates and will remain permanently vulnerable.
Lady said in the post, “If an attacker can get a user to run a malicious app on an affected Android device, the attacker can gain complete control over the entire device by exploiting this QSEE vulnerability.”
Lady said in emailed comments that the vulnerability, CVE-2015-6639, exists in the secure operating system that runs on the QSEE.
He also said, “Essentially, an attacker ‘leapfrogs’ into the QSEE via a vulnerability in a less-trusted application. It assumes that the attacker has a vulnerability in Android's ‘mediaserver’, which is a reasonable assumption, given that there are vulnerabilities in media server announced nearly every month.”
Lady said that once attackers have control over the media server, they can access the QSEE through a vulnerability in one of the QSEE's "secure" apps.
He advised users to update their phones to the newest version possible, to use Nexus series phones to avoid waiting for manufacturers and carriers to distribute updates, and to avoid installing unnecessary applications.