QuadRooter vulnerabilities leaves 900 million Android devices at risk of attack

Surasak-Ch-623x432

Over 900 million Android smartphones and tablets are vulnerable to cyberattacks, as they contain a set of four vulnerabilities dubbed QuadRooter.

These flaws were found in devices that use Qualcomm chipsets, Check Point revealed at this year’s DEF CON 24 Hacking Conference in Las Vegas.

It stated that if any of the four vulnerabilities are exploited by cybercriminals, it can give them access to smartphones and tablets.

In other words, QuadRooter allows for cybercriminals to “trigger privilege escalations for the purpose of gaining root access to a device”.

“An attacker can exploit these vulnerabilities using a malicious app,” explained Adam Donenfeld, lead mobility security researcher at Check Point.

“Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.”

Commenting on the news, Qualcomm, which specializes in 3G and next-generation mobile technologies, said that it was notified of the vulnerabilities earlier this year.

It responded with patches for all four of the vulnerabilities between April and July.

However, as Check Point observes, because the flaws are already present in the affected devices “at the point of manufacture”, the process for resolving the problem isn’t straightforward.

Mr. Donenfeld explained: “They can only be fixed by installing a patch from the distributor or carrier.

“Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.”


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s