Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 14 MINUTES AGO.
You are here: Home / Network Security / Quadrooter Affects 900M Androids
Quadrooter Bug Affects 900 Million Android Devices
Quadrooter Bug Affects 900 Million Android Devices
By Dan Heilman / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
08
2016
Recently uncovered security flaws could mean trouble for owners of devices that run the Android operating system. Researchers at security firm Check Point recently discovered the vulnerabilities, together labeled Quadrooter, which may affect as many as 900 million Android devices.

Speaking about the discoveries last week at the Def Con security conference in Las Vegas, Adam Donenfeld, Check Point's lead mobile security researcher, revealed four new privilege escalation exploits that can be used to remotely gain root access to Android handsets.

To gain access, an attacker just has to get the user to install a malicious app. From there the attacker has full access to saved data and can also change or remove system-level files, delete or add apps and gain access to the device's screen, camera, or microphone, said Donenfeld.

Still Vulnerable?

As Donenfeld explained it, Google made several changes in the Android landscape to tighten security, but vulnerabilities have slipped through anyway. He also noted that Google is not the only company struggling to keep Android safe. Qualcomm, which makes 80 percent of the chipsets in the Android ecosystem, has almost as much of an effect on Android’s security as Google.

"If exploited, Quadrooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them," Check Point said in a blog post. "Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio."

Check Point examined Qualcomm’s code in Android devices, finding what it called multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.

In its Def Con presentation, the company reviewed the privilege escalation vulnerabilities it found and demonstrated a detailed exploitation that bypassed the existing mitigations in Android’s Linux kernel to run kernel-code, elevating privileges and thus gaining root privileges.

App Available

The smartphones at risk of being exploited by the Quadrooter vulnerabilities are: BlackBerry Priv; Blackphone, Blackphone 2; Google Nexus 5X, Nexus 6, Nexus 6P; HTC One, HTC M9, HTC 10; LG G4, LG G5, LG V10; New Moto X by Motorola; OnePlus One, OnePlus 2, OnePlus 3; Samsung Galaxy S7, Galaxy S7 Edge; and Sony Xperia Z Ultra.

Because the vulnerable drivers are pre-installed, they can only be fixed via patches from distributors or carriers. The patches can only be pushed to users by those distributors or carriers once they get new driver packs from Qualcomm.

Check Point is making available a free Quadrooter scanner app that scans users’ Android phones to see if the necessary patches have been downloaded and installed. The scanner app is available at https://www.checkpoint.com/resources/quadrooter-vulnerability-consumer/.

Qualcomm said it has already fixed all four flaws, while Google said it has patched three of them in an update supplied earlier this month. Final debugging will come with Google’s next security update, according to the Android Headlines Web site.

Image credit: Product shots by Qualcomm.

Tell Us What You Think
Comment:

Name:

Govind:
Posted: 2016-08-10 @ 4:09am PT
Google says calm down, Android users, Quadrooter vulnerability not a massive security threat.

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.