CVE-2018-11922
📋 TL;DR
The Touch Pal keyboard application shipped on Qualcomm-based Android devices was configured to collect user behavior data without the user's consent or awareness. Because Touch Pal is an input method, the data it can observe includes what the user types. Affected: Android devices with Qualcomm chipsets running a vulnerable build of Touch Pal.
💻 Affected Systems
- Touch Pal application on Qualcomm-based Android devices
📦 What is this software?
215 Firmware by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Touch Pal is the keyboard, so the data it can observe includes typed text (messages, searches, passwords) as well as app usage and other personal information. Collected silently and at scale, that is a privacy violation and a potential route to credential exposure.
Likely Case
Unauthorized collection of user activity data for analytics or advertising purposes without proper disclosure or consent.
If Mitigated
Limited data collection with proper user awareness and consent mechanisms in place.
🎯 Exploit Status
There is nothing for an attacker to exploit: the data collection is part of the application's shipped configuration, so every device running a vulnerable build is affected for as long as Touch Pal is enabled. Treat it as a privacy defect to remove, not an attack to detect and block.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: May 2018 Android security patch level or later
Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html
Restart Required: Yes
Instructions:
1. Check for Android system updates in Settings > System > System Update.
2. Install the May 2018 or later security patch level. The Qualcomm fix ships inside the OEM firmware image, so availability depends on your device maker.
3. Restart the device after installation.
4. If Touch Pal is listed in the Google Play Store, update it there; a preloaded (system) build of the app may not appear there and is updated with the firmware.
🔧 Temporary Workarounds
Disable Touch Pal Input Method (Android)
Switch to a different keyboard/input method, then disable Touch Pal so it can no longer run as the active IME:
Settings > System > Languages & input > Virtual keyboard > Manage keyboards > Disable Touch Pal
Uninstall Touch Pal Application (Android)
Remove the application completely if it is not required:
Settings > Apps > Touch Pal > Uninstall
If Touch Pal was preloaded as a system app, Uninstall is not offered on that screen; use Disable there instead, which stops the app from running and removes it from the keyboard list.
🧯 If You Can't Patch
- Cut the app's network access. Stock Android has no per-app internet permission toggle; Settings > Apps > Touch Pal > Data usage (or Mobile data & Wi-Fi) only restricts background data and does not stop traffic while the keyboard is in use, so use an on-device firewall app that can block a single app, or an OEM firewall feature where one exists
- Block Touch Pal's traffic upstream with network filtering (DNS sinkholing or an egress proxy) on the networks the device uses, keeping in mind that this does nothing on other networks
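The same workarounds can be applied over adb, which is quicker on a fleet and also works for a preloaded system build of the app that the Settings UI will not let you uninstall. The script below is an added example, not code from the Qualcomm bulletin or from this page. It assumes the Touch Pal IME id contains "touchpal" or "cootek" in the output of `ime list -s` (verify on your device and adjust PKG_PATTERN), and that the AOSP keyboard id used as the fallback exists on the device; the sample IME list and the Touch Pal id in it are constructed. It prints the commands it would run by default and only executes them with --apply.

```shell
#!/bin/sh
# Added example (not from the Qualcomm bulletin or this page): apply the
# workarounds above over adb instead of through the Settings UI - switch to
# another keyboard, disable the Touch Pal IME, then either disable the package
# or remove it for the current user. Dry-run by default; pass --apply to run.
# Assumptions: the Touch Pal IME id contains "touchpal" or "cootek" in
# `ime list -s` output, and the AOSP keyboard id below exists on the device.
set -eu

PKG_PATTERN="touchpal|cootek"                           # assumption, case-insensitive
FALLBACK_IME="com.android.inputmethod.latin/.LatinIME"  # assumption: AOSP keyboard

# Constructed sample of `adb shell ime list -s` output (the Touch Pal id is
# an assumed value, not taken from the page).
SAMPLE_IME_LIST="com.android.inputmethod.latin/.LatinIME
com.cootek.smartinputv5/com.cootek.smartinput5.TouchPalIME"

# matching_imes <ime-list-output>: IME ids whose package part matches PKG_PATTERN
matching_imes() {
    printf '%s\n' "$1" | grep -iE "^[^/]*($PKG_PATTERN)" || true
}

# pkg_of_ime <ime-id>: "pkg/.Service" -> "pkg"
pkg_of_ime() {
    printf '%s\n' "${1%%/*}"
}

# plan <ime-list-output> [disable|remove]: print the adb commands, one per
# line, without running them. "remove" uninstalls for user 0 instead of
# disabling; `pm uninstall -k --user 0` also works on preloaded system apps,
# which Settings > Apps will not let you uninstall.
plan() {
    list=$1; mode=${2:-disable}
    echo "adb shell ime set $FALLBACK_IME"
    for id in $(matching_imes "$list"); do
        pkg=$(pkg_of_ime "$id")
        echo "adb shell ime disable $id"
        if [ "$mode" = remove ]; then
            echo "adb shell pm uninstall -k --user 0 $pkg"
        else
            echo "adb shell pm disable-user --user 0 $pkg"
        fi
    done
    # confirm the active keyboard is no longer Touch Pal
    echo "adb shell settings get secure default_input_method"
}

# apply [disable|remove]: run the plan against the attached device
apply() {
    list=$(adb shell ime list -s | tr -d '\r')
    plan "$list" "${1:-disable}" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd
    done
}

if [ "${1:-}" = "--apply" ]; then
    apply "${2:-disable}"
else
    plan "$SAMPLE_IME_LIST" "${1:-disable}"   # dry run on the constructed sample
fi
```

`pm disable-user` keeps the app's data and can be reversed with `pm enable`; `pm uninstall -k --user 0` removes it for the current user but leaves the system image untouched, so a factory reset brings it back. Either way, check `default_input_method` afterwards: if it still names Touch Pal, the switch did not take effect.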
🔍 How to Verify
Check if Vulnerable:
Check the Android security patch level in Settings > About phone > Android security patch level. If the date is before May 2018 and Touch Pal is installed and enabled as a keyboard, the device is exposed. A device without Touch Pal is not affected regardless of patch level.
Check Version:
Settings > About phone > Android security patch level
Verify Fix Applied:
Verify Android security patch level shows May 2018 or later date. Check Touch Pal app version in Google Play Store for updates.
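The check above is two facts, patch level and presence of the app, and both are readable over adb, which is how you would verify a batch of devices rather than clicking through Settings on each. The script below is an added example, not code from the Qualcomm bulletin or from this page. It reads `ro.build.version.security_patch` (an ISO date such as 2018-05-05) and `pm list packages`; the assumption is that the Touch Pal package name contains "touchpal" or "cootek" (check your device and adjust PKG_PATTERN), and the sample package list is constructed.

```shell
#!/bin/sh
# Added example (not from the Qualcomm bulletin or this page): assess a device
# over adb for CVE-2018-11922 exposure by combining the security patch level
# with whether a Touch Pal package is installed.
# Assumptions: Touch Pal's package name contains "touchpal" or "cootek"
# (adjust PKG_PATTERN after checking `pm list packages` on your device).
set -eu

FIXED_PATCH_LEVEL="2018-05-01"   # first patch level carrying the May 2018 fixes
PKG_PATTERN="touchpal|cootek"    # assumption, case-insensitive

# Constructed sample of `adb shell pm list packages` output for the dry run;
# the Touch Pal package name in it is an assumption, not taken from the page.
SAMPLE_PM_LIST="package:com.android.settings
package:com.cootek.smartinputv5
package:com.android.inputmethod.latin"

# patch_level_is_fixed <YYYY-MM-DD>
# ro.build.version.security_patch is an ISO date, so dropping the dashes gives
# an integer that orders correctly. Returns 0 = fixed, 1 = older, 2 = unparseable.
patch_level_is_fixed() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unrecognised patch level: '$1'" >&2; return 2 ;;
    esac
    lvl=$(printf '%s' "$1" | sed 's/-//g')
    fixed=$(printf '%s' "$FIXED_PATCH_LEVEL" | sed 's/-//g')
    [ "$lvl" -ge "$fixed" ]
}

# touchpal_packages <pm-list-output>: package names matching PKG_PATTERN
touchpal_packages() {
    printf '%s\n' "$1" | sed -n 's/^package://p' | grep -iE "$PKG_PATTERN" || true
}

# assess <patch-level> <pm-list-output>
# Prints FIXED, VULNERABLE, NOT_INSTALLED or UNKNOWN_PATCH_LEVEL.
assess() {
    found=$(touchpal_packages "$2")
    if [ -z "$found" ]; then
        echo NOT_INSTALLED; return 0
    fi
    patch_level_is_fixed "$1" 2>/dev/null && rc=0 || rc=$?
    case $rc in
        0) echo FIXED ;;
        1) echo VULNERABLE ;;
        *) echo UNKNOWN_PATCH_LEVEL ;;
    esac
}

# check_device: run the assessment against the device attached over adb.
check_device() {
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    pkgs=$(adb shell pm list packages | tr -d '\r')
    echo "security patch level: $level"
    echo "matching packages:    $(touchpal_packages "$pkgs" | tr '\n' ' ')"
    assess "$level" "$pkgs"
}

if [ "${1:-}" = "--device" ]; then
    check_device
else
    # dry run on the constructed sample
    echo "sample device (patch level 2018-04-05): $(assess 2018-04-05 "$SAMPLE_PM_LIST")"
fi
```

A result of FIXED means the firmware carries the May 2018 fixes; it does not by itself prove the Touch Pal build on the device is the updated one, so on a device that reports FIXED but still shows unexpected traffic from the app, compare the app's versionName (`dumpsys package <pkg>`) against what the OEM shipped with that firmware.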
📡 Detection & Monitoring
Log Indicators:
- Network traffic from the Touch Pal package that is out of proportion to a keyboard's needs (a dictionary sync is small; steady uploads are not)
- Data collection events in the application's own logs (logcat on the device), if the app logs them
- MDM package inventory showing Touch Pal installed on devices whose security patch level is older than May 2018
Network Indicators:
- Outbound connections from the Touch Pal app to analytics or tracking domains
- Transmission of user behavior data; look for it in cleartext first, but expect TLS, in which case only the destination and volume are visible
SIEM Query:
Android devices rarely ship application logs to a SIEM, so the practical join is MDM inventory plus DNS/proxy logs keyed on the device. Illustrative query; the field names are placeholders to map onto your own schema:
source="android_device" app="Touch Pal" (event_type="data_collection" OR dest_domain IN (analytics_domains))
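Attributing the network indicators above to the app is the hard part: a proxy sees the device, not the package. On the device itself the attribution is direct, because every Android app runs under its own UID and /proc/net/tcp records the owning UID of each socket. The script below is an added example, not code from the Qualcomm bulletin or from this page: it looks up the package's UID with `dumpsys package` and lists the remote endpoints of that UID's sockets. The package name in PKG is an assumption to replace with what `pm list packages` shows, the /proc/net/tcp sample is constructed, and it handles IPv4 only (/proc/net/tcp6 uses 128-bit addresses). On newer Android builds reading /proc/net from the shell may need root; the devices in scope, at a pre-May-2018 patch level, predate that restriction.

```shell
#!/bin/sh
# Added example (not from the Qualcomm bulletin or this page): attribute live
# TCP connections on the device to the Touch Pal package, so its outbound
# traffic can be reviewed without a proxy. Every Android app runs under its
# own UID and /proc/net/tcp records the owning UID of each socket, so
# filtering that table by the package's UID lists the peers it is talking to.
# Assumptions: package name in PKG; the /proc/net/tcp sample is constructed.
# IPv4 only (/proc/net/tcp6 uses 128-bit addresses); on newer Android builds
# reading /proc/net may need root, but the devices in scope are pre-2018-05.
set -eu

PKG="com.cootek.smartinputv5"   # assumption: take the real name from `pm list packages`

# Constructed /proc/net/tcp sample: one root-owned listener and two sockets
# owned by uid 10123. Addresses are little-endian hex (0100007F = 127.0.0.1).
SAMPLE_PROC_NET_TCP="  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0201A8C0:B1E4 0E1C4C6B:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 23456 1 0000000000000000 20 4 30 10 -1
   2: 0201A8C0:B1E5 5DB8D822:0050 01 00000000:00000000 00:00000000 00000000 10123        0 23457 1 0000000000000000 20 4 30 10 -1"

# hex_to_ip <8 hex chars>: little-endian kernel encoding -> dotted quad
hex_to_ip() {
    b1=$(printf '%s' "$1" | cut -c1-2); b2=$(printf '%s' "$1" | cut -c3-4)
    b3=$(printf '%s' "$1" | cut -c5-6); b4=$(printf '%s' "$1" | cut -c7-8)
    printf '%d.%d.%d.%d\n' $((0x$b4)) $((0x$b3)) $((0x$b2)) $((0x$b1))
}

# state_name <hex state>: the common TCP states as shown in /proc/net/tcp
state_name() {
    case "$1" in
        01) echo ESTABLISHED ;; 02) echo SYN_SENT ;; 06) echo TIME_WAIT ;;
        08) echo CLOSE_WAIT ;;  0A) echo LISTEN ;;   *) echo "STATE_$1" ;;
    esac
}

# connections_of_uid <uid> <proc-net-tcp-content>
# Prints "remote_ip:port STATE" for each non-listening socket owned by uid.
# Field 8 of /proc/net/tcp is the socket owner's UID.
connections_of_uid() {
    printf '%s\n' "$2" | awk -v uid="$1" 'NR > 1 && $8 == uid && $4 != "0A" { print $3, $4 }' |
    while read -r rem st; do
        hexip=${rem%%:*}; hexport=${rem##*:}
        printf '%s:%d %s\n' "$(hex_to_ip "$hexip")" $((0x$hexport)) "$(state_name "$st")"
    done
}

# device_connections: look up the package's UID with dumpsys and list its sockets
device_connections() {
    uid=$(adb shell dumpsys package "$PKG" | tr -d '\r' | sed -n 's/^ *userId=\([0-9]*\).*/\1/p' | head -n 1)
    [ -n "$uid" ] || { echo "package $PKG not found" >&2; return 1; }
    echo "uid of $PKG: $uid"
    connections_of_uid "$uid" "$(adb shell cat /proc/net/tcp | tr -d '\r')"
}

if [ "${1:-}" = "--device" ]; then
    device_connections
else
    connections_of_uid 10123 "$SAMPLE_PROC_NET_TCP"   # dry run on the sample
fi
```

Run it with --device a few times while typing in different apps; a keyboard that is only syncing a dictionary should show little or nothing, whereas repeated connections to the same hosts while you type are what to investigate. The output is IP addresses, so pair it with the device's DNS lookups (a DNS log on the network, or `tcpdump` port 53 on a rooted device) to name the hosts before deciding whether they are analytics or tracking domains.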