VPN Articles and News

900 Million Android Devices Vulnerable To QuadRooter Security Flaw

By
Monday, May 1st, 2017


A new set of four Android vulnerabilities have been found which threaten the security of almost 900 million Smartphones and tablets. Dubbed as QuadRooter, the vulnerabilities were discovered by the security firm Check Point and were revealed to the general public during DEF CON 24 which was held in Las Vegas in the first week of August. After the StageFright bug (discovered in July’ 2015) which threatened the security of almost one billion Android devices, QuadRooter is the most high profile bug to affect so many devices at once.

What is QuadRooter Security Flaw?

QuadRooter refers to a set of vulnerabilities found in Android devices running on Qualcomm chipsets. Qualcomm is the leading chip maker for mobile devices which powers almost 900 million Smartphones and tablets (representing 65% market share of LTE based chipsets). The most dangerous thing about QuadRooter is that it can be triggered by exploiting any one of the four vulnerabilities. Also, since the vulnerability is associated with software drivers that come bundled with the chipset, it affects all the versions of Android. The bug has the potential to compromise the security of Samsung S7 Edge, Moto X, Sony Xperia Z Ultra, BlackBerry Priv, LG G5, Nexus 6P, OnePlus 3, Samsung Galaxy S7, HTC One, HTC 10, Blackphone 2, Blackphone 1, LG V10, OnePlus 2, Nexus 6 as well as all the others models of Android Smartphones and tablets.

Apart from the fact that QuadRooter affects all the versions of Android, there’s another factor which makes it very dangerous. The bug is not only easy to exploit, it can be propagated to other devices as well. Hackers just need to send links to malicious apps which when installed could trigger the vulnerability within an Android device. What’s worse, such apps won’t need any special permissions so they are more likely to be installed by the users. Once the bug has been triggered within a device, hackers can gain root access to the device, access all data stored on it as well as gain complete control over camera, microphone and GPS functionality of the device.

The vulnerability is difficult to fix since it involves updates from both Google (creator of Android) as well as Qualcomm. While Qualcomm has released patches to fix all the four vulnerabilities, Google has addressed only three of them. Google is likely to roll out the patch for the fourth vulnerability along with the September updates to Android Operating system. Also, since the devices have been manufactured by dozens of different companies, patching the firmware into custom versions of Android is going to take some time.

Check Point has also released an Android app which lets the users test their devices for the QuadRooter vulnerability. You can download and install it from:

https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter

If you are an Android user, you must install OS updates as soon as they become available. In addition, you must refrain from installing malicious apps, avoid clicking on suspicious links or rooting your device. Since the QuadRooter bug affects a bewildering range of Android devices and a permanent fix for it is not yet available, it is better to take precautionary steps in order to remains safe from it.


May 1, 2017
Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


8 + 5 =