An IT security firm CheckPoint has discovered a set of critical security flaws in several Android devices affecting 900 million users worldwide.
Dubbed QuadRooter by the research team, these security flaws can provide an attacker full access to any smartphone that is built using Qualcomm chipsets. Currently, Qualcomm processors are being used in 900 million Android devices. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market.
CheckPoint researchers presented their findings in Def Con however a good news is that there’s no proof if cyber criminals have identified or used these set of security flaws but it’s about time when they will start digging deep inside the QuadRooter.
— Check Point Software (@CheckPointSW) August 7, 2016
How dangerous are these flaws?
Very! Exploiting these flaws; attackers can take full access of your device and steal personal and financial data. That’s not all, it will also allow attackers to record audio and videos, track GPS and save logs.
According to BBC’s report CheckPoint researchers spent around six months reverse-engineering Qualcomm’s code before finding the security flaws.
CheckPoint’s head of mobility product management Michael Shaulov said: “I’m pretty sure you will see these vulnerabilities being used in the next three to four months.”
The list of affected devices includes BlackBerry Priv, Blackphone 1 and Blackphone 2, Google Nexus 5X, Nexus 6 and Nexus 6P, HTC One, HTC M9 and HTC 10, LG G4, LG G5, and LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2 and OnePlus 3, Samsung Galaxy S7 and Samsung S7 Edge and Sony Xperia Z Ultra.
Qualcomm, on the other hand, said it’s already issuing patches to secure vulnerable devices.
At the moment it is unclear how many devices have been secured but in case you want to check right now, the CheckPoint researchers have uploaded QuadRooter Scanner app on Google Play store informing users if their device is vulnerable or not.
Keep in mind, in case you get an alert about updating your device do it asap!
[src src=”Source” url=”http://blog.checkpoint.com/2016/08/07/quadrooter/”]ProofPoint[/src]