There are 4 newly-discovered vulnerabilities dubbed “Quadrooter,” in Android phones and tablets shipped with Qualcomm chip, these vulnerabilities allows an attacker to take complete control of an affected device and so far has affected over 900 million phone and tablets, according to Check Point researchers who discovered the flaws.
How does this work?
For this to work, the attacker tricks Android users into installing a malicious application which wouldn’t require any special permissions. From there, if successfully exploited, the attacker gains root access, giving the attacker full access to the affected Android device, its hardware and its data, the hacker even gains access to the device camera and microphone.
So far devices affected are Google’s branded Nexus 5X, Nexus 6, and Nexus 6P, Samsung’s Galaxy S7 and S7 Edge, and even the recently-announced BlackBerry DTEK50, which the company says is the “most secure Android smartphone,” is also vulnerable to one of the flaws.
Is there a patch?
According to a Qualcomm spokesperson, the semiconductor company has fixed all flaws, and also issued patches also users. Fixes provided by Qualcomm have already gone into Android’s monthly set of security patches issued early each month by Google to its branded Nexus devices. Other smartphone or tablet manufacturers will roll out patches soon.
“Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered,” the Federal Communications Commission (FCC) and Federal Trade Commission were quoted by CNN. “There are significant delays in delivering patches to actual devices — and older devices may never be patched.”
Although three flaws were fixed in Google’s latest set of monthly security updates, a Google spokesperson confirmed that the fourth flaw will be fixed in the upcoming September update, due out a little after the start of next month.
How can I protect myself
To remain protected from the QuadRooter Qualcomm chipset vulnerability Check Point advises that users install Android updates as soon as possible after they are made available, also running security apps such as Mobile Threat Prevention could be of help. Check Point also advises that users refrain from installing “side-loading” apps, which can be recognized by.APK file extensions, and to carefully read and consider the permissions apps request when being installed.
Qualcomm Inc. is an American multinational semiconductor and telecommunications equipment company that designs and markets wireless telecommunications products and services. It derives most of its revenue from chipmaking and the bulk of its profit from patent licensing businesses. The company headquarters are located in San Diego, California, United States, and has 224 worldwide locations. The parent company is Qualcomm Incorporated (Qualcomm), which includes the Qualcomm Technology Licensing Division (QTL). Qualcomm’s wholly owned subsidiary, Qualcomm Technologies, Inc. (QTI), operates substantially all of Qualcomm’s R&D activities, as well as its product and services businesses, including its semiconductor business, Qualcomm CDMA Technologies.