2 min read

900 million Android devices exposed by QuadRooter vulnerability quartet

Alexandra GHEORGHE

August 08, 2016

900 million Android devices exposed by QuadRooter vulnerability quartet

Four vulnerabilities in Qualcomm chipsets allow attackers root-level access to any Android device running Android Marshmallow and earlier, according to security researchers.

Qualcomm chipsets come pre-installed on mobile phones, and as part of processors, allow users to enjoy device functionalities such as movie streaming, playing games, making video calls or watching videos.

The four security vulnerabilities are:

  • CVE-2016-2503 found in Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for July 2016.
  • CVE-2016-2504 discovered in Qualcomm”s GPU driver and fixed in Google’s Android Security Bulletin for August 2016.
  • CVE-2016-2059 found in Qualcomm kernel module and fixed in April, though patch status is unknown.
  • CVE-2016-5340 presented in Qualcomm GPU driver and fixed, but patch status unknown.

To exploit them, an attack can be carried out through a malicious app. The attacker needs to trick a user into installing a malicious app that, unlike other malware, would execute without requiring any special permission checks. If the attack is successful, the perpetrator gets full access to the device (camera, microphone etc.) and its contents (photos, contacts list etc.)

These are some of the most popular smartphone models affected by one or more Quadrooter vulnerabilities:

  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • Blackphone 1 and Blackphone 2
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • BlackBerry Priv

The only solution is to update mobile software as soon as it”s available.

“This situation highlights the inherent risks in the Android security model,” the researchers say. “Critical security updates must pass through the entire supply chain before they can be made available to end users.”

The chipmaker said to have fixed all of the flaws and issued patches to customers, partners, and the open source community between April and the end of July. Also, three of the four vulnerabilities have already been fixed in Google’s latest set of monthly security updates, and a patch for the remaining flaw will be rolled out in the upcoming September update.

To see if your device is vulnerable, you can download the free QuadRooter scanner app, available here.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches
Silviu STAHIE

September 17, 2021

1 min read
Owner of DDoS-as-a-service Websites Found Guilty, Faces up to 35 Years in Prison Owner of DDoS-as-a-service Websites Found Guilty, Faces up to 35 Years in Prison
Silviu STAHIE

September 17, 2021

1 min read
Do Mobile Security Solutions Really Work or Are They a Scam? Do Mobile Security Solutions Really Work or Are They a Scam?
Filip TRUȚĂ

September 17, 2021

2 min read