QuadRooter puts 900 million Android handsets at risk of attack

[vc_row][vc_column][vc_column_text]Security Researchers at Check Point have discovered four Android vulnerabilities dubbed QuadRooter that affect 900 million devices, or basically any device using a Qualcomm chipset.

The firm announced the four troublemakers at Defcon and has produced a list of the affected phones by model and manufacturer.

Some of the latest and most popular Android devices found on the market today use these chipsets, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets. Any Android device built using these chipsets is at risk. The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices.

Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.

[/vc_column_text][vc_column_text]CheckPoint state in a blog post,

“QuadRooter is a set of four vulnerabilities affecting Android devices that are built on chipsets from Qualcomm, a supplier of 80 per cent of the chipsets in the Android ecosystem,”

“If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations and gain root access to a device, enabling them to change or remove system-level files, delete or add apps and access the device’s screen, camera or microphone.

“The vulnerabilities are found in the software drivers Qualcomm ships with its chipsets. An attacker can exploit these vulnerabilities using a malicious app to trigger privilege escalations and gain root access to a device.

“This app would require no special permissions to take advantage of the vulnerabilities, which means they would not make users suspicious.”

Defcon has a summary of a talk about QuadRooter by Adam Donenfeld, a senior security researcher at Check Point, who said that some bad stuff is getting into the Android paddling pool despite Google’s best efforts.

“Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe,”

“With this in mind, we decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.”

[/vc_column_text][vc_single_image image=”84633″ img_size=”full” alignment=”center”][vc_column_text]

Check if your device is vulnerable

The Check Point QuadRooter Scanner analyzes your Android smartphone or tablet to discover if it’s vulnerable to the newly-discovered QuadRooter vulnerabilities. QuadRooter allows attackers to take complete control of Android devices, potentially exposing your sensitive data to cybercrime. The scanner app is designed to give you clear indications of the threat risk to your device and provides more information about QuadRooter, including which vulnerabilities affect your device and how they work.[/vc_column_text][/vc_column][/vc_row][vc_row css=”.vc_custom_1436750488326{margin: 10px !important;padding: 10px !important;background-color: #f4f4f4 !important;border: 10px groove #eaeaea !important;}”][vc_column width=”1/3″][vc_single_image image=”28807″ img_size=”full” alignment=”center”][vc_single_image image=”6622″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter”][/vc_column][vc_column width=”1/3″][/vc_column][vc_column width=”1/3″][vc_empty_space height=”15px”][vc_column_text]Version: 1.0
Updated: August 7, 2016
Category: Business
Price: Free
Requirements: Android 4.0 +
Developer: Check Point
In-app Products: No[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text][/vc_column_text][/vc_column][/vc_row]

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services