Android Security Flaw 'QuadRooter' Hits 900 Million Devices


Client computing is increasingly providing a back door into the enterprise for the compromise and

Researchers have discovered a set of security flaws that could leave more than 900 million Android smartphones and tablets vulnerable to hackers.

A set of four security vulnerabilities could affect nearly one billion Android smartphones and tablets equipped with Qualcomm chipsets, as discovered by Check Point.

The security firm's mobile research team has dubbed the set of flaws "QuadRooter". Its research findings were shared during a session at hacking conference DEF CON, which took place August 4-7 in Las Vegas.

Qualcomm is the world's top designer of LTE chipsets, Check Point explained, and has captured a 65% share of the LTE modem baseband space. The recently discovered vulnerabilities has left 900 million Android devices vulnerable to hackers.

[Read: Ransomware attacked nearly 50% of businesses in 2015]

A hacker who wanted to exploit any one of these vulnerabilities could do so through a malicious app. The app wouldn't need any special permissions to take advantage of the device, so an unsuspecting user may install it without thinking twice.

If successful in getting a user to download the app, a hacker could gain root access and assume full control over the device. This would give them free access to key business data and capabilities like GPS tracking or video and audio recording.

"Without an advanced mobile threat detection and mitigation solution on the Android device, there is little chance a user would suspect any malicious behavior has taken place," wrote the Check Point mobile research team in a blog post.

Some of the most recent and popular Android devices are affected by Quadrooter.  These include the BlackBerry Priv, Blackphone 1, Blackphone 2, Google Nexus 5X, Nexus 6, Nexus 6P, HTC One, HTC M9, HTC 10, LG G4, LG G5, LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2, OnePlus 3, Samsung Galaxy S7, Samsung S7 Edge, and Sony Xperia Z Ultra.

QuadRooter was discovered when Check Point decided to analyze Qualcomm code in Android devices, explained senior security researcher Adam Donenfeld in his DEFCON presentation summary. Google has recently made several changes to improve security, he noted, but Qualcomm's efforts have an equal effect on Android device protection.

"During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems," Donenfeld wrote.

All Android smartphones and tablets equipped with Qualcomm chipsets are at risk. The QuadRooter vulnerabilities are found in drivers that manage communication between different parts of the chipsets, wrote Check Point.

Because drivers are pre-installed on the devices, the flaw can only be fixed with a patch provided by the carrier or distributor. Carriers can only provide the fix after Qualcomm gives them the fixed driver packs.

According to a Qualcomm spokesperson, the company had addressed all of the flaws and provided patches to the open-source community as well as customers and partners by the end of July, reported ZDNet.

Most fixes have been included in Android's monthly security updates, which Google provides on a monthly basis for its Nexus product lineup. Google addressed three flaws in its latest set of monthly security fixes, but one still remains because the final patch was delayed. It will be addressed in the September batch of fixes, which will arrive towards the beginning of the month.

"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," predicted Michael Shaulov, head of Check Point's mobility product management, to the BBC. "It's always a race as to who finds the bug first, whether it's the good guys or the bad."

For IT managers, Check Point has a few recommendations for protecting employee devices from QuadRooter-related attacks.

Device users should install the latest Android updates as soon as they are available and fully understand the risk of rooting a device, whether intentional or the result of an attack. App installation requests should be fully vetted and avoided if they require a large amount of data or battery life.

Employees often use Android devices for personal and business use. For these users, the firm recommends businesses launch a mobile security solution for detecting threats, and a personal mobile security product to monitor devices.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Root Achieved for Snapdragon-Powered Samsung Galaxy S7 and Galaxy S7 Edge Devices

    Just to be clear, if you own a Galaxy S7 (SM-G930) or Galaxy S7 Edge (SM-G935) featuring a Qualcomm-made Snapdragon processor, and not the Samsung Exynos processor, you may proceed.At this time, root is achievable for what appears to be all carrier models, which is a big time win for Galaxy S7 or S7 Edge owners who love complete system access.
  • 5300c769af79e

    $120 Million Apple Patent Win Against Samsung Reinstated

    In another setback for Samsung this week, an appeals court reinstated a $120 million patent judgment that Apple won in the companies' long-running feud.6 million verdict in Apple's favor.
  • 5300c769af79e

    Indicators of Attack vs. Indicators of Compromise

    Download The information security community has long relied on Indicators of Compromise (IOCs) as the first sign that a system or organization has been breached.These indicators-artifacts left behind after a breach has occurred-can be valuable for forensics analysis, but by the time IOCs are detected the damage has already been done: networks were breached, data was stolen, and the victim organization's reputation and business have suffered.
  • 5300c769af79e

    Google Photos (for iPhone)

    With a recent update, Google has greatly improved on its Google Photos iPhone app.Note that you can now view Apple's combination-photo-and-video Live Photos in Google Photos.