Almost 1bn Android smartphones vulnerable to new QuadRooter risk

8 Aug 201646 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

900m Android devices with Qualcomm chips around the world are understood to be affected by a high-risk vulnerability

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

More than 900m Android devices with Qualcomm chips are understood to be affected by a high-risk vulnerability that won’t be patched until next month.

The Check Point mobile threat research team, which calls the set of vulnerabilities QuadRooter, presented its findings in a session at the Def Con 24 hacking conference in Las Vegas at the weekend.

Qualcomm is the world’s leading designer of LTE chipsets, with a 65pc share of the LTE modem baseband market.

What is QuadRooter?

QuadRooter is a set of four vulnerabilities affecting Android devices using Qualcomm chipsets. These including devices from BlackBerry, Google’s various Nexus devices, most recent HTC devices, LG, Motorola, OnePlus, Samsung’s S7 and S7 Edge and the Sony Xperia Z Ultra.

QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets and any device with these chipsets are at risk.

“An attacker can exploit these vulnerabilities using a malicious app,” Check Point warned.

“Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.”

If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.

Check Point said that since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier.

The earliest such update may not be available until September.

“This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users,” Check Point said.

“Once available, the end users must then be sure to install these updates to protect their devices and data.”

Android security image via Shutterstock

66

DAYS

4

HOURS

26

MINUTES

Buy your tickets now!

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com