Almost a billion devices may be at risk from QuadRooter Android flaw

Almost a billion devices may be at risk from QuadRooter Android flaw


Check Point researchers have warned of a security hole in the microchips used in almost a billion Android devices that - if exploited - could give hackers complete access:

An attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.

The set of vulnerabilities, dubbed QuadRooter, disclosed during a session at Def Con in Las Vegas, and are present in Qualcomm chipsets used by many of the most popular Android devices, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

If left unpatched, the QuadRooter vulnerabilities could give attackers complete control of compromised devices, allow malicious hackers to access sensitive information, and plant malware.

Check Point has released a free scanner app to help Android users know if their personal devices are at risk.

In addition Check Point offers sensible advice in its blog post for Android users to apply the latest OS security updates (if they are made available, of course…), to be wary of installing apps from unknown sources, and to double-check that the permissions requested by Android apps are appropriate.

Tags: , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

One Response

  1. Neville Fernandez

    August 9, 2016 at 12:40 pm #

    I have a Samsung Note 3 (AT&T) running Lollipop that was given to me by my employer. It was purchased in the US. It’s been over a year now and no updates have been pushed by them. Compare that to my Lenovo K3 Note that I purchased in India where I get regular updates. The difference is that in India, the mobile mobile phone market is not in the stranglehold of the carriers. In fact, buying an unlocked phone not tied to any carrier is the norm. I hope the US carriers a more responsive when it comes to releasing patches and updates.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.