Almost a billion devices may be at risk from QuadRooter Android flaw

Almost a billion devices may be at risk from QuadRooter Android flaw

Uh-oh.

Check Point researchers have warned of a security hole in the microchips used in almost a billion Android devices that - if exploited - could give hackers complete access:

An attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.

The set of vulnerabilities, dubbed QuadRooter, disclosed during a session at Def Con in Las Vegas, and are present in Qualcomm chipsets used by many of the most popular Android devices, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

If left unpatched, the QuadRooter vulnerabilities could give attackers complete control of compromised devices, allow malicious hackers to access sensitive information, and plant malware.

Check Point has released a free scanner app to help Android users know if their personal devices are at risk.

In addition Check Point offers sensible advice in its blog post for Android users to apply the latest OS security updates (if they are made available, of course...), to be wary of installing apps from unknown sources, and to double-check that the permissions requested by Android apps are appropriate.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

One Response

  1. Neville Fernandez

    August 9, 2016 at 12:40 pm #

    I have a Samsung Note 3 (AT&T) running Lollipop that was given to me by my employer. It was purchased in the US. It's been over a year now and no updates have been pushed by them. Compare that to my Lenovo K3 Note that I purchased in India where I get regular updates. The difference is that in India, the mobile mobile phone market is not in the stranglehold of the carriers. In fact, buying an unlocked phone not tied to any carrier is the norm. I hope the US carriers a more responsive when it comes to releasing patches and updates.

Leave a Reply