QuadRooter: Android bug that could potentially harm millions of smartphones

A team of researchers at Checkpoint Software Technologies (CST) have revealed that QuadRooter could possibly harm millions of Android smartphone devices and tablets that use Qualcomm chipsets.

About QuadRooter and Qualcomm

QuadRooter is a set of four susceptibilities which operates on chipsets that were made by US Qualcomm. A hacker can gain access to an Android device if any one of the four vulnerabilities is exploited.

On the other hand, Qualcomm is a US telecommunications equipment company and world’s leading designer of LTE chipsets. They control 65% of market share of the LTE modem baseband.

Following latest and popular Android devices could be affected:

1- Samsung Galaxy S7 and S7 Edge
2- Google Nexus 5X, Nexus 6 and Nexus 6P
3- New Moto X by Motorola
4- LG G4, G5 and V10
5- Sony Xperia Z Ultra
6- HTC One, M9 and 10
7- OnePlus 1, 2 and 3
8- Blackberry Priv

How Android devices are exposed to this vulnerability

The shortcoming was exposed in software that deals with graphics and in code which communicates information between chipset components.

Head of mobility product management of CST, Michael Shaulov stated:

“The problems were revealed after a six month effort to reverse engineer Qalcomm’s code. It’s always a race as to who finds the bug first, whether it’s the good guys or the bad”

Moreover, an attacker can exploit these vulnerabilities without the knowledge of the user. He can use any malicious application which would go unnoticed during installation.

There is no concrete evidence of this vulnerability being used. However, Michael Shaulov feels that it is just a matter of time.

For the convenience of the users, Checkpoint has developed an app, QuadRooter Scanner which is absolutely free. The primary function of this application is that it checks and notifies whether your device is at risk.

Qualcomm has also created software patches in response to the information provided by CST. They have also started to manufacture bug-free version of chipsets. As a result, the company has started to distribute the patches to the phone makers and operators. However, the figures are currently not available on how many phones are so far updated.

Risks if attacker exploits a vulnerability

An attacker can get full control of devices if he successfully exploits any of the four vulnerabilities. He can gain an unrestricted access to personal and sensitive data. In addition, an attacker could also gain unauthorized access to GPS tracking, and recording video and audio.

This article was originally published here.

Click to comment

Leave a Reply

Your email address will not be published.

To Top