Google: QuadRooter Threat Blocked On Most Android Devices

...

Client computing is increasingly providing a back door into the enterprise for the compromise and

Google has confirmed that a feature called Verify Apps, built into Google Play Services, is intended to safeguard Android devices from the QuadRooter security threat.

Android users had a major security scare this week. A set of four security vulnerabilities was reported to leave 900 million Android smartphones and tablets vulnerable to hackers.

A team of mobile researchers at security firm Check Point initially discovered the set of flaws and dubbed it "QuadRooter." It affects Android devices equipped with Qualcomm chipsets, which power popular devices including three Google Nexus models and the Samsung Galaxy S7.

Hackers who wanted to exploit one of these vulnerabilities could assume total control over the victim's device. All they would have to do is trick an unsuspecting user into downloading a mobile app, through which they could achieve root access.

[Report: Global IT Security Spending Will Top $81B In 2016]

Naturally, the potential danger of QuadRooter was of concern to consumers and businesses. Sensitive corporate data, video and audio recordings, and capabilities like GPS tracking could be accessed in a successful breach.

At the time QuadRooter was reported, a Qualcomm spokesperson stated the company had addressed all flaws and provided patches to the open-source community by the end of July, ZDNet reported.

Most fixes were delivered via Android monthly security updates, which Google delivers for its Nexus product lineup. Three flaws were addressed in the latest batch of fixes. A delayed final patch will arrive in an upcoming Android update reported to arrive at the beginning of September.

But, Google has confirmed Android users may be safer than they originally thought. A feature called "Verify Apps" is designed to protect them from the QuadRooter threat.

Verify Apps, which is built into Google Play Services, was enabled by default as part of the Android 4.2 Jelly Bean launch nearly 4 years ago. The feature was created to discover and block the type of attacks enabled by QuadRooter, Google reported to Android Central.

"Exploitation of these issues depends on users also downloading and installing malicious applications," a Google spokesperson told Android Central. "Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these."

It's important to note devices are technically vulnerable even if Verify Apps is on, the report stated. However, users would have to manually disable another security feature to allow hackers to gain access.

The type of attack conducted via QuadRooter is serious enough for Verify Apps to completely block before installation can begin. Users would see an alert stating "Installation has been blocked" rather than a message of "Installing this app may harm your device," which would give the option to proceed.

All versions of Android following Android 4.2 Jelly Bean with Google Play Services are equipped with Verify Apps. This means more than 90% of devices actively running Android should be protected from the dangers of QuadRooter.

Older versions of Android, dating back to the 2010 release of Android Gingerbread, also have the Verify Apps feature. If you're using an older edition of the OS, you'll have to enable the protection by going to Settings > Security.

This means the QuadRooter vulnerability will likely affect far fewer than 900 million devices -- with 90% of smartphones and tablets running Android being automatically protected from the threat and the other 10% can manually enable the protection.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Galaxy S8's Face Unlock Might be Just as Bad as Android 4.0's

    On stage during the unveiling of the Galaxy S8 and Galaxy S8+, Samsung detailed a security feature similar to one found in Ice Cream Sandwich – Face Unlock.With it, users simply hold their face up to the phone, the phone recognizes the user, then unlocks the phone.
  • 5300c769af79e

    YouTube Testing Native Sharing, Threads of Videos and Conversations With Friends

    Rolling out to a very limited amount of users, YouTube is testing a messaging and sharing feature from directly within the YouTube app on Android.With this feature, called Native Sharing, users can share YouTube videos to other YouTube users, without the need of leaving the app itself.
  • 5300c769af79e

    Hidden Tips for Mastering iOS 10

    With the release of every new mobile operating system—especially Apple's iOS—there comes a slew of new features.Like iOS 9 and iOS 8 before it, iOS 10 is no exception.
  • 5300c769af79e

    Business Card Request Form

    Afghanistan Albania Algeria American Samoa Andorra Angola Antigua and Barbuda Argentina Armenia Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Brazil Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Colombia Comoros Congo, Democratic Republic of the Congo, Republic of the Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Faroe Islands Fiji Finland France French Polynesia Gabon Gambia Georgia Germany Ghana Greece Greenland Grenada Guam Guatemala Guinea Guinea-Bissau Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kosovo Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Mauritania Mauritius Mexico Micronesia Moldova Monaco Mongolia Montenegro Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Zealand Nicaragua Niger Nigeria Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Rwanda Saint Kitts and Nevis Saint Lucia Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Sudan, South Suriname Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands, British Virgin Islands, U.S.