QuadRooter puts 900 million Android handsets at risk of attack

[vc_row][vc_column][vc_column_text]Security Researchers at Check Point have discovered four Android vulnerabilities dubbed QuadRooter that affect 900 million devices, or basically any device using a Qualcomm chipset.

The firm announced the four troublemakers at Defcon and has produced a list of the affected phones by model and manufacturer.

Some of the latest and most popular Android devices found on the market today use these chipsets, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra
Premium IPTV in the UK

QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets. Any Android device built using these chipsets is at risk. The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices.

Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.

[/vc_column_text][vc_column_text]CheckPoint state in a blog post,

“QuadRooter is a set of four vulnerabilities affecting Android devices that are built on chipsets from Qualcomm, a supplier of 80 per cent of the chipsets in the Android ecosystem,”

“If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations and gain root access to a device, enabling them to change or remove system-level files, delete or add apps and access the device’s screen, camera or microphone.

“The vulnerabilities are found in the software drivers Qualcomm ships with its chipsets. An attacker can exploit these vulnerabilities using a malicious app to trigger privilege escalations and gain root access to a device.

“This app would require no special permissions to take advantage of the vulnerabilities, which means they would not make users suspicious.”

Defcon has a summary of a talk about QuadRooter by Adam Donenfeld, a senior security researcher at Check Point, who said that some bad stuff is getting into the Android paddling pool despite Google’s best efforts.

“Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe,”

“With this in mind, we decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.”

[/vc_column_text][vc_single_image image=”84633″ img_size=”full” alignment=”center”][vc_column_text]

Check if your device is vulnerable

The Check Point QuadRooter Scanner analyzes your Android smartphone or tablet to discover if it’s vulnerable to the newly-discovered QuadRooter vulnerabilities. QuadRooter allows attackers to take complete control of Android devices, potentially exposing your sensitive data to cybercrime. The scanner app is designed to give you clear indications of the threat risk to your device and provides more information about QuadRooter, including which vulnerabilities affect your device and how they work.[/vc_column_text][/vc_column][/vc_row][vc_row css=”.vc_custom_1436750488326{margin: 10px !important;padding: 10px !important;background-color: #f4f4f4 !important;border: 10px groove #eaeaea !important;}”][vc_column width=”1/3″][vc_single_image image=”28807″ img_size=”full” alignment=”center”][vc_single_image image=”6622″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter”][/vc_column][vc_column width=”1/3″][/vc_column][vc_column width=”1/3″][vc_empty_space height=”15px”][vc_column_text]Version: 1.0
Updated: August 7, 2016
Category: Business
Price: Free
Requirements: Android 4.0 +
Developer: Check Point
In-app Products: No[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text][/vc_column_text][/vc_column][/vc_row]