A new bug has arrived that is threatening over 900 Android phones. Four security vulnerabilities in Android smartphones and tablets that have Qualcomm chips inside could allow hackers to take full control of your device. The flaw is called “Quadrooter,” and it allows hackers to take root access of a phone, which provides them full access to the device’s storage and hardware controls.
Quadrooter was discovered by security firm Check Point, and they said that the vulnerability “could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.” This defect is said to be in over 80% of Android handsets.
Check Point revealed how a hacker can sneak into your phone: “An attacker would have to trick a user into installing a malicious app, which unlike some malware wouldn’t require any special permissions. (Most Android phones don’t allow the installation of third-party apps outside of the Google Play app store, but attackers have slipped malicious apps through the security cracks before.)”
Some of the latest and most popular Android phones use the vulnerable Qualcomm chips, including:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
From ZDNet:
A Qualcomm spokesperson said the chipmaker has fixed all of the flaws, and had issued patches to customers, partners, and the open source community between April and the end of July. Most of those fixes have already gone into Android’s monthly set of security patches, which Google issues early each month to its own-brand Nexus devices. Many other phone and tablet makers roll out those patches at the same time or in the following few days. Three flaws were fixed in Google’s latest set of monthly security updates, but one of the vulnerabilities is still outstanding, largely because the final patch wasn’t issued in time. Google confirmed that the fourth flaw will be fixed in the upcoming September update, due out a little after the start of next month.
Check Point has created a scanning tool so you can find out if your device is vulnerable or not.
The Check Point QuadRooter Scanner analyzes your Android smartphone or tablet to discover if it’s vulnerable to the newly-discovered QuadRooter vulnerabilities. QuadRooter allows attackers to take complete control of Android devices, potentially exposing your sensitive data to cybercrime. The scanner app is designed to give you clear indications of the threat risk to your device and provides more information about QuadRooter, including which vulnerabilities affect your device and how they work.
You can download it on the Google Play store.
So make sure you have updated your phone and until you receive the final patch from Google in September, I would be very cautious as to what apps you are downloading to your phone.
[Mirror]