Trustlook is taking steps to combat a widespread vulnerability affecting millions of Android devices. First discovered by FireEye in March 2016, the vulnerability is present in all Android Jelly Bean, KitKat and Lollipop phones using Qualcomm CPUs. On these devices, third party apps could gain special system privileges, or access to a user’s SMS database and phone history, without a user’s knowledge.
To determine if a user device is vulnerable to this threat, Trustlook released a free Qualcomm Vulnerability Scanner application (available here) to enable any Android phone owner to check for this security threat. If the device is exposed, a user may be able to download a software update from the device manufacturer that contains a security patch.
A major concern is that for many devices, there may be no fix available because the device is no longer supported by the manufacturer with regular updates and security patches. The only foolproof way to eliminate the vulnerability is to get a new device or install a mobile security app on the phone.
Trustlook is working on providing additional protection against potential exploits of the Qualcomm vulnerability, particularly for devices that currently lack a security patch for the system software, in its core Trustlook Mobile Security application. Please stay tuned for updates on this. In the meantime, you are highly encouraged to download the Qualcomm Vulnerability Scanner to determine if your device is at risk.