On Friday, July 1, nearly 10 million Android devices with Qualcomm CPU chips were infected by malware called HummingBad, according to Israeli cybersecurity company Check Point. Although the malware was originally discovered in February, there was a sharp spike of infections in mid-May that caught the eye of cybersecurity companies.
Although this problem is not entirely Google’s fault, it is still a serious security problem. Android full-disk encryption can be broken by brute-force attacks, a series of repeated attempts that enter every combination of passwords to gain access to your information. Full-disk encryption is a term used to describe data on a hard drive being automatically converted into a form that cannot be understood without the proper authentication key. Similar issues with full-disk encryption have been gaining public recognition in the debate between Apple and the FBI.
According to Check Point, HummingBad works by exploiting the software on the Qualcomm chip. "The first component attempts to gain root access on a device with...rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device," according to Check Point. "If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions."
Check Point states that a Chinese click advertising company called Yingmob used the HummingBad malware to get illegitimate clicks by controlling Android devices. In doing so, Yingmob made an estimated $300,000 per month in fraudulent ad revenue. Furthermore, Yingmob was able to sell access to these Android phones as well as whatever information was stored on them. According to Check Point, this malware was created by the company’s “Development Team for Overseas Platform.” Check Point further specified the party in charge by saying that "The team responsible for developing the malicious components is the 'Development Team for Overseas Platform' which includes four groups with a total of 25 employees."
People worldwide fell victim to this infection, including 1.6 million people in China, 1.35 million in India, 288 thousand in the US, and a notable number in the Philippines, Indonesia, Turkey, the UK and Australia.
When asked to comment, a Qualcomm spokesperson had the following to say:
“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). QTI continues to work proactively both internally as well as with security researchers such as Gal Beniamini to identify and address potential security vulnerabilities. We have and will continue to work with Google and the Android ecosystem to help address security vulnerabilities and to recommend improvements to the Android ecosystem to enhance security overall.”
“The two security vulnerabilities (CVE-2015-6639 and CVE-2016-2431) discussed in Beniamini’s June 30 blog post were also discovered internally, and patches were made available to our customers and partners.”
Cybersecurity is and will remain an issue on all mobile devices, even if such devices were thought to be unable to get viruses. Stay updated on these issues and remember to be proactive in protecting your own devices from possible attacks.