Android Security Flaw 'QuadRooter' Hits 900 Million Devices

...

Client computing is increasingly providing a back door into the enterprise for the compromise and

Researchers have discovered a set of security flaws that could leave more than 900 million Android smartphones and tablets vulnerable to hackers.

A set of four security vulnerabilities could affect nearly one billion Android smartphones and tablets equipped with Qualcomm chipsets, as discovered by Check Point.

The security firm's mobile research team has dubbed the set of flaws "QuadRooter". Its research findings were shared during a session at hacking conference DEF CON, which took place August 4-7 in Las Vegas.

Qualcomm is the world's top designer of LTE chipsets, Check Point explained, and has captured a 65% share of the LTE modem baseband space. The recently discovered vulnerabilities has left 900 million Android devices vulnerable to hackers.

[Read: Ransomware attacked nearly 50% of businesses in 2015]

A hacker who wanted to exploit any one of these vulnerabilities could do so through a malicious app. The app wouldn't need any special permissions to take advantage of the device, so an unsuspecting user may install it without thinking twice.

If successful in getting a user to download the app, a hacker could gain root access and assume full control over the device. This would give them free access to key business data and capabilities like GPS tracking or video and audio recording.

"Without an advanced mobile threat detection and mitigation solution on the Android device, there is little chance a user would suspect any malicious behavior has taken place," wrote the Check Point mobile research team in a blog post.

Some of the most recent and popular Android devices are affected by Quadrooter.  These include the BlackBerry Priv, Blackphone 1, Blackphone 2, Google Nexus 5X, Nexus 6, Nexus 6P, HTC One, HTC M9, HTC 10, LG G4, LG G5, LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2, OnePlus 3, Samsung Galaxy S7, Samsung S7 Edge, and Sony Xperia Z Ultra.

QuadRooter was discovered when Check Point decided to analyze Qualcomm code in Android devices, explained senior security researcher Adam Donenfeld in his DEFCON presentation summary. Google has recently made several changes to improve security, he noted, but Qualcomm's efforts have an equal effect on Android device protection.

"During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems," Donenfeld wrote.

All Android smartphones and tablets equipped with Qualcomm chipsets are at risk. The QuadRooter vulnerabilities are found in drivers that manage communication between different parts of the chipsets, wrote Check Point.

Because drivers are pre-installed on the devices, the flaw can only be fixed with a patch provided by the carrier or distributor. Carriers can only provide the fix after Qualcomm gives them the fixed driver packs.

According to a Qualcomm spokesperson, the company had addressed all of the flaws and provided patches to the open-source community as well as customers and partners by the end of July, reported ZDNet.

Most fixes have been included in Android's monthly security updates, which Google provides on a monthly basis for its Nexus product lineup. Google addressed three flaws in its latest set of monthly security fixes, but one still remains because the final patch was delayed. It will be addressed in the September batch of fixes, which will arrive towards the beginning of the month.

"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," predicted Michael Shaulov, head of Check Point's mobility product management, to the BBC. "It's always a race as to who finds the bug first, whether it's the good guys or the bad."

For IT managers, Check Point has a few recommendations for protecting employee devices from QuadRooter-related attacks.

Device users should install the latest Android updates as soon as they are available and fully understand the risk of rooting a device, whether intentional or the result of an attack. App installation requests should be fully vetted and avoided if they require a large amount of data or battery life.

Employees often use Android devices for personal and business use. For these users, the firm recommends businesses launch a mobile security solution for detecting threats, and a personal mobile security product to monitor devices.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Google Maps Now Displaying Traffic Time Graph Inside of Directions

    As an example, let’s say you want to head to the mall.Simply plug in the address, then Google Maps will display the best time for you to go.
  • 5300c769af79e

    Apple's Project Titan Focuses On Autonomous Driving Software

    They are empowered Apple is bulking up its and sharpening the focus of its Project Titan team with the hiring of Dan Dodge, the former head of BlackBerry's automotive software division.Following the appointment of Bob Mansfield, the veteran Apple hardware engineer, as the of lead Project Titan -- the company's self-driving electric vehicle initiative -- comes a report that the tech giant may be shifting its focus to software as the project moves forward.
  • 5300c769af79e

    The Show: Episode 114 – New Nexus Thoughts and Pokémon GO Madness

    On this episode of The Droid Life Show, we plan on tackling the latest intel that has surfaced regarding upcoming Nexus devices from Google, sharing our final take on the OnePlus 3 (final review here), as well as discussing our take on the current Pokémon GO craziness that has taken the mobile gaming world by storm.Join us at 1:00PM Pacific (4:00PM Eastern) for the fun.
  • 5300c769af79e

    8 Business Benefits of Adopting DevOps

    Many of the arguments in favor of adopting DevOps approaches focus on the benefits that the IT department can experience as a result.Based on a survey of 1,770 senior business and IT executives worldwide, the study identified eight key business benefits that organizations experienced after adopting DevOps practices.