EPISODE · Mar 6, 2026 · 10 MIN
Android CVE-2026-21385: The IoT Devices IT Forgot to Patch
from IT SPARC Cast
In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt dive into a newly exploited Android vulnerability that many IT teams may be overlooking.

The issue centers around CVE-2026-21385, a high-severity vulnerability affecting Qualcomm graphics components used in Android devices. While the vulnerability requires physical access, it is actively being exploited in the wild, making it a serious concern for enterprise IT environments.

But the real story isn’t smartphones.

The bigger risk lies in Android devices hiding in plain sight across enterprise infrastructure — including point-of-sale terminals, warehouse scanners, embedded industrial systems, and other IoT devices that often run outdated Android versions and rarely receive timely security updates.

⸻

🔎 CVE-2026-21385 Overview

• CVE: CVE-2026-21385
• Severity: High (CVSS 7.8)
• Component: Qualcomm GPU graphics driver used in Android
• Exploit Status: Actively exploited in the wild
• Access Required: Physical access
• Patch: Included in March 2026 Android Security Bulletin

Several additional vulnerabilities were also patched in the same release, including critical Android framework remote code execution flaws, increasing the urgency for organizations to deploy updates wherever possible.

⸻

⚠ Why Enterprise IT Should Care

Most organizations focus on employee phones when thinking about Android security.

However, the real exposure often comes from embedded Android devices that organizations forget about:

Common examples include:

• Point-of-sale payment terminals
• Warehouse inventory scanners (Zebra, Honeywell, etc.)
• Retail handheld devices
• Industrial control panels
• Vehicle infotainment systems running Android
• Embedded tablets in appliances or machinery

Many of these devices:

• Run older Android versions
• Receive delayed or nonexistent updates
• Expose USB or physical ports that could enable exploitation
• Are connected to internal networks

If compromised, these systems could become the first step in a lateral network attack.

⸻

🔐 Key Security Takeaways

Organizations should treat this vulnerability as a wake-up call for Android-based IoT security.

Recommended actions:

• Inventory all Android-based devices in your environment
• Identify IoT or embedded Android systems
• Verify whether vendors provide security updates
• Push vendors for timelines if patches are not available
• Segregate IoT devices onto isolated networks
• Lock down physical access and exposed USB ports

Ignoring embedded Android devices can create a hidden attack path directly into corporate networks.

⸻

💬 Listener Feedback

Following last week’s episode discussing the Conduent ransomware breach, listeners shared their experiences receiving breach notification letters.

One listener reported receiving a notification despite not participating in government assistance programs, while another reported being impacted through health insurance providers like Blue Cross Blue Shield.

The scope of the Conduent breach appears to be continuing to expand, reinforcing the importance of monitoring vendor supply-chain exposure.

⸻

🔗 Connect With Us

IT SPARC Cast
• @ITSPARCCast on X
• https://www.linkedin.com/company/sparc-sales/ on LinkedIn

John Barger
• @john_Video on X
• https://www.linkedin.com/in/johnbarger/ on LinkedIn

Lou Schmidt
• @loudoggeek on X
• https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.
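
For the inventory and patch-verification steps in the recommended actions above, here is an added example (not from the episode or its hosts) that triages a device inventory by reported Android security patch level and flags unpatched or unreported devices that sit outside an isolated segment. The device records, the `iot`/`corp` segment labels and the baseline date are constructed assumptions; take the exact patch-level string from the March 2026 Android Security Bulletin.

```python
"""Triage an Android device inventory by security patch level (added example)."""
from datetime import date

# Assumption: baseline patch level to require; confirm the exact string
# against the March 2026 Android Security Bulletin before relying on it.
BASELINE = date(2026, 3, 5)

# Constructed sample inventory. "patch" is the string a device reports in
# the ro.build.version.security_patch property (About screen, MDM, or adb).
INVENTORY = [
    {"id": "pos-014", "kind": "POS terminal", "patch": "2024-11-01", "segment": "corp"},
    {"id": "scan-201", "kind": "warehouse scanner", "patch": "2026-03-05", "segment": "iot"},
    {"id": "panel-07", "kind": "industrial panel", "patch": "", "segment": "corp"},
    {"id": "tab-332", "kind": "retail handheld", "patch": "2026-02-05", "segment": "iot"},
]

def parse_patch(value):
    """Return a date for a YYYY-MM-DD patch string, or None if missing/malformed."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None

def triage(inventory, baseline=BASELINE):
    """Classify each device and rank findings: unknown first, then oldest patch."""
    findings = []
    for dev in inventory:
        patched_on = parse_patch(dev.get("patch"))
        if patched_on is None:
            status, lag = "unknown", None  # never assume an unreported device is patched
        elif patched_on >= baseline:
            status, lag = "ok", 0
        else:
            status, lag = "behind", (baseline - patched_on).days
        findings.append({
            "id": dev["id"], "kind": dev["kind"], "status": status, "days_behind": lag,
            # Unpatched or unknown devices outside the isolated segment are the
            # ones the notes warn about as a path into internal networks.
            "needs_isolation": status != "ok" and dev.get("segment") != "iot",
        })
    rank = {"unknown": 0, "behind": 1, "ok": 2}
    findings.sort(key=lambda f: (rank[f["status"]], -(f["days_behind"] or 0)))
    return findings

if __name__ == "__main__":
    for finding in triage(INVENTORY):
        print(finding)
```

Devices with a missing or malformed patch string are ranked first because embedded units that cannot report a patch level are the ones most likely to have been forgotten.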