Security outfit Check Point has revealed a quartet of vulnerabilities which affect over 900 million Android devices worldwide. The set of vulnerabilities, affecting even the newest and most secure Android flagship devices (as long as they have ‘Qualcomm Inside’), has been dubbed ‘QuadRooter’ by Check Point. The startling revelation was made at the DEFCON 24 Hacking Conference in Las Vegas over the weekend.
Qualcomm a the leading vendor in smartphone and tablet chipsets with its SoCs often cited as a desirable specification, especially where there are alternatives available. However, QuadRooter could cast a shadow over the brand with any one of the four vulnerabilities capable of allowing an attacker to gain root access to a device.
The Android vulnerabilities are in the driver software that ships with Qualcomm chipsets. If you want your device patched, you will have to wait for a patch from the device maker or carrier – assuming those organisations have received the fixed up driver packs from Qualcomm.
QuadRooter vulnerabilities are exploited via a specially designed malicious app. Interestingly the app requires no special permissions to do its devious work. Right now there are no reports of the QuadRooter vulnerabilities being used by malware writers and criminals. However, head of mobility product management at Check Point, Michael Shaulov, says that “I'm pretty sure you will see these vulnerabilities being used in the next three to four months”.
If you are worried/interested enough to check if your device is vulnerable to QuadRooter, there is a free scanning app from Check Point available on the Google Play store. Users are reminded to only install software directly from Google Play store as best practice to avoid malware, viruses and so on.
Example modern Android flagship devices, and modern devices with a focus on security, that are vulnerable to QuadRooter include the following:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra