facebook rss twitter

900 million Qualcomm Android devices vulnerable to attack

by Mark Tyson on 9 August 2016, 14:31

Tags: Google (NASDAQ:GOOG)

Quick Link: HEXUS.net/qac5ig

Add to My Vault: x

Security outfit Check Point has revealed a quartet of vulnerabilities which affect over 900 million Android devices worldwide. The set of vulnerabilities, affecting even the newest and most secure Android flagship devices (as long as they have ‘Qualcomm Inside’), has been dubbed ‘QuadRooter’ by Check Point. The startling revelation was made at the DEFCON 24 Hacking Conference in Las Vegas over the weekend.

Qualcomm a the leading vendor in smartphone and tablet chipsets with its SoCs often cited as a desirable specification, especially where there are alternatives available. However, QuadRooter could cast a shadow over the brand with any one of the four vulnerabilities capable of allowing an attacker to gain root access to a device.

The Android vulnerabilities are in the driver software that ships with Qualcomm chipsets. If you want your device patched, you will have to wait for a patch from the device maker or carrier – assuming those organisations have received the fixed up driver packs from Qualcomm.

QuadRooter vulnerabilities are exploited via a specially designed malicious app. Interestingly the app requires no special permissions to do its devious work. Right now there are no reports of the QuadRooter vulnerabilities being used by malware writers and criminals. However, head of mobility product management at Check Point, Michael Shaulov, says that “I'm pretty sure you will see these vulnerabilities being used in the next three to four months”.

If you are worried/interested enough to check if your device is vulnerable to QuadRooter, there is a free scanning app from Check Point available on the Google Play store. Users are reminded to only install software directly from Google Play store as best practice to avoid malware, viruses and so on.

Example modern Android flagship devices, and modern devices with a focus on security, that are vulnerable to QuadRooter include the following:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

HEXUS Forums :: 13 Comments

Login with Forum Account

Don't have an account? Register today!
Clickbait title deluxe (like everywhere else really). Blowing up “there's an option to root your phone” to “900 million devices vulnerable/exploitable” .. jeez
Worst thing is that there's a fix, meaning that a bunch of phones will lose one (or in some cases the only) way to get root to get rid of manufacturer preinstalled garbage. nice…
Installed on my rooted Galaxy S7, no quadrooter vuln found :)
Erm, as a Samsung S7 Edge user I thought it was only the US versions that were “Qualcomm Inside”, the rest (like mine) use Exynos. Still the warning was handy because there's a G4 and a 5X in the house. Thanks!
Article would be much more interesting and worth reading if you would include how that vulnerability is working…
Checkpoint being an Israeli company i wouldn't be surprised they pushed this out, just so more people load Checkpoints own spyware crap onto their mobiles, just scare mongering