Today, security researchers at Check Point revealed a security flaw that potentially leaves 900 million Android users exposed.
QuadRooter is a newly uncovered security flaw that reportedly affects any device with a Qualcomm chip – that’s a whole lot of devices. If you’re concerned about this issue, here’s what you’ll want to know.
What is QuadRooter?
QuadRooter is actually four different vulnerabilities, which Check Point says affect any device using a Qualcomm chipset. The flaws are embedded in the software that handles graphics, and the code that controls communications between different processes that run inside your phone.
If any one of the vulnerabilities is exploited, a hacker could gain root access to a device, giving the attacker control of a phone or tablet’s systems. The attacker does this through a process called “privilege escalation”.
What is rooting?
Rooting a device means attaining “root access” to a system. That means you get access that’s similar to administrative permissions on a device, including device control and access to data.
Many users intentionally root their own devices, because it gives users the “permission” to change or replace system applications and settings, run specialised apps, and perform other tasks that a standard, non-admin user can’t.
Rooting a phone gives users special permissions for system-level features
Why is this bad?
While rooting is popular amongst Android users, it’s also a risky business. Worse still, if a hacker roots your device, you can be left completely exposed.
“An attacker can exploit these vulnerabilities using a malicious app,” explains Adam Donenfeld, Mobile Researcher at Check Point. “Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.”
Which phones are affected?
Here’s the problem: QuadRooter affects any phone with a Qualcomm chip, and the lion’s share of smartphones and tablets (around 900 million, in fact) use Qualcomm chips – it’s the market leader.
We’re not going to list all 900 million devices here, obviously. But here are some of the latest and most popular handsets running Qualcomm fare:
- Samsung Galaxy S7 and S7 Edge (US-only)
- Google Nexus 5X, Nexus 6, and Nexus 6P
- HTC One, HTC One M9, and HTC 10
- LG G4, LG G5, and LG V10
- Motorola Moto X
- OnePlus One, OnePlus 2, and OnePlus 3
Samsung’s Galaxy S7 is one of the devices reportedly affected by the flaw, but only the SD820 versions (i.e. not the units with Exynos chips)
Can I fix this?
Unfortunately, no. The vulnerable drivers are pre-installed on devices when a phone is manufactured, and can only be fixed with a software update from a distributor or network carrier.
But to complicate matters further, distributors and network carriers can only issue their patches after receiving fixed driver packs from Qualcomm.
That’s why QuadRooter is a particularly great example of one of Android’s chief problems. To fix a problem like this, a security update needs to pass through the entire supply chain before it reaches the end user, i.e. you.
And even once the security patch is issued, the user still needs to install the updates manually to fix the issue.
How can I stay safe?
The first thing you should do is always download and install the latest Android updates as soon as they’re available. Regularly updating your phone is a great way to avoid being hacked, especially as many major Android phone manufacturers have committed to monthly security updates.
It’s also worth remembering that QuadRooter is a vulnerability that is exploited by getting a user to install a malicious app. To defend against this, it’s important to:
- Be aware of the risks of rooting your device
- Make certain you examine any app installation request to make sure it’s legit
- Avoid, where possible, side-loading Android apps (.apk files), or downloading apps from third-party sources
- Try to only download apps from the Google Play store
- Read permission requests carefully when installing apps
- Be wary of apps that ask for unusual permissions, or that use large amounts of data or battery life
- Only use trusted and known Wi-Fi networks
Security experts advise against downloading apps from outside of the Google Play store
Has Qualcomm responded?
Qualcomm did respond to our request for comment, but unfortunately could not confirm the number of devices affected – “it’s not something we track”.
The following statement was provided:
“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July. The patches were also posted on CodeAurora. QTI continues to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities.”