QuadRooter vulnerability affects Android devices


Tuesday, 09 August, 2016



Four newly discovered Android vulnerabilities have been announced by mobile researchers from Check Point Software Technologies Ltd at Def Con 24 in Las Vegas. The vulnerabilities affect more than 900 million Android smartphones and tablets and could provide attackers with complete control of the devices, as well as access to sensitive data.

Check Point calls the set of vulnerabilities QuadRooter. If exploited, they could also provide an attacker with capabilities such as keylogging, GPS tracking and recording video and audio. They are found in the software drivers Qualcomm ships with its chipsets and can be exploited using a malicious app. The app would require no special permissions to take advantage of the vulnerabilities, which means it would not make users suspicious.

Since the vulnerable software drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the device’s distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.

Michael Shaulov, head of mobility product management for Check Point, said, “The supply chain is complex, which means every patch must be added to and tested on Android builds for each unique device model affected by the flaws. This process can take months, leaving devices vulnerable in the interim, and users are often not made aware of the risks to their data. The Android security update process is broken and needs to be fixed.”

Check Point researchers provided Qualcomm with information about the vulnerabilities in April 2016. The team then followed the industry-standard disclosure policy (CERT/CC policy) of allowing 90 days for Qualcomm to produce patches before disclosing the vulnerabilities. Qualcomm reviewed these vulnerabilities, classified each as high risk and has since released patches to original equipment manufacturers (OEMs).

Affected devices include Samsung Galaxy S7 & S7 Edge, Sony Xperia Z Ultra, Google Nexus 5X, 6 & 6P, HTC One M9 & HTC 10, LG G4, G5 & V10, Motorola Moto X, OnePlus One, 2 & 3, BlackBerry Priv and Blackphone 1 & 2.

Image credit: ©Duncan Andison/Dollar Photo Club


  • All content Copyright © 2018 Westwick-Farrow Pty Ltd