CVE-2016-10471

Vulnerability

The vulnerability resides in the RTIC (Real-Time Integrity Check) health report mechanism on Qualcomm Snapdragon chipsets. The report is unsigned, making it susceptible to tampering by malware executing in the context of the HLOS (High-Level Operating System). Affected chipsets include SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, as well as Snapdragon Automobile platforms. The issue is present in Android builds prior to the 2018-04-05 security patch level [1].

Exploitation

An attacker with malware already running in the HLOS context can request an RTIC health report and modify it because the report lacks cryptographic signing. No additional privileges or user interaction are required beyond the initial malware execution. The attacker can tamper with the report content, potentially masking malicious activity or providing false health status.

Impact

Successful exploitation allows the attacker to tamper with the RTIC health report, which could be used to hide malware presence or mislead integrity checks. This compromises the integrity of the system's health monitoring, potentially allowing further malicious actions without detection.

Mitigation

The fix is included in the Android security patch level 2018-04-05 or later. Users should ensure their devices receive this update. Qualcomm released patches for the affected chipsets, and OEMs incorporated them into their Android security updates [1]. No workaround is available; updating is the only mitigation.