Over 900 million Android devices are affected by the new “QuadRotter” hack. A set of 4 security flaw in the Qualcomm chipsets that powers the Android devices is vulnerable to hackers. If any one of the 4 vulnerabilities is exploited, it will allow attackers to gradually take over a user’s handset and gain root access.
Qualcomm is the world’s leading designer of LTE (Long Term Evolution) chipsets with a 65% share of the LTE modem baseband market. Hackers would simply have to trick people into downloading a malicious app to make all this possible.
The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas.
Critical Quadrooter Vulnerabilities:
- CVE-2016-2503 discovered in Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for July 2016.
- CVE-2016-2504 found in Qualcomm GPU driver and fixed in Google’s Android Security Bulletin for August 2016.
- CVE-2016-2059 found in Qualcomm kernel module and fixed in April, though patch status is unknown.
- CVE-2016-5340 presented in Qualcomm GPU driver and fixed, but patch status unknown.
Checking If You Device Is Vulnerable To Hackers
By using Check Point’s free app you can check if your smartphone or tablet is vulnerable to Quadrooter attack. However these flaws can only be fixed by installing a patch from the device’s distributors after receiving fixed driver packs from Qualcomm.
This situation highlights the inherent risks in the Android security model, the researchers say. “Critical security updates must pass through the entire supply chain before they can be made available to end users.
Here’s the list of some of the popular affected devices :
- Samsung Galaxy S7 and S7 Edge
- Sony Xperia Z Ultra
- Google Nexus 5X, 6 and 6P
- HTC One M9 and HTC 10
- LG G4, G5 and V10
- Motorola Moto X
- OnePlus One, OnePlus Two and OnePlus Three
- BlackBerry Priv
- Blackphone 1 and 2
However the above list of devices are only some of the 900 million devices affected , there are other tons of devices aftected by these flaws. Three of the four vulnerabilities have already been fixed in Google’s latest set of monthly security updates, and a patch for the remaining flaw will be rolled out in the upcoming September update.