That will enable Android user to detect if their device is still vulnerable.
Advertisement
“Critical security updates must pass through the entire supply chain before they can be made available to end users”, Check Point said in its technical report on Quadrooter [pdf – registration required]. And this fragmentation in the Android ecosystem requires huge co-ordination and effort to make security patches available for all mobile devices.
Popular phone models at risk include Samsung’s Galaxy S7 and S7 Edge, Google’s Nexus 5X and Nexus 6, HTC One M9 and BlackBerry’s DTEK50 which it markets as the “most secure Android phone”.
The set of vulnerabilities, dubbed “Quadrooter”, affects over 900 million phone and tablets, according to Check Point researchers who discovered the flaws.
Once the app exploits one of these vulnerabilities, the attacker can gain root access – giving him unprecedented control over your device, including the data and hardware.
“Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing”.
All four flaws can be exploited just by installing a rogue app on your device.
Qualcomm has been one of the leading LTE chip makers and as a result, it commands a market share of 65 percent when it comes to LTE modem.
“Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier”, Check Point states.
The chipmaker, Qualcomm has already confirmed that it has fixed all of the aforementioned flaws and issued patches to customers, partners, and the open source community.
While the flaws have been disclosed to Qualcomm, which has issued patches, the vulnerable drivers are preinstalled on devices when they’re manufactured and can only be fixed with updates from distributors or telco carriers – which are reliant on Qualcomm sending them patches.
Check Point has developed an app for Android users to check if their device is at risk, with further information here.
Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources.
Advertisement
Check Point has created a free QuadRooter scanner app that’s available from Google Play. Be wary of apps that ask for permissions that seem unusual or unnecessary, or use large amounts of data or battery life. Qualcomm reviewed these vulnerabilities, classified each as high risk, and has since released patches to original equipment manufacturers (OEMs).
