If your Android smartphone or tablet has a Qualcomm chip in it, you may want to ditch it for the time being. Four newly discovered vulnerabilities in these devices could let an attacker take total control of a device.
The four vulnerabilities (hence the name “Quadrooter”) were discovered by Check Point researchers. An attacker would first have to trick a user into installing a malicious app, and that app wouldn’t require any special permissions. Once it is installed, however, the attacker can gain root access, which gives full access to an affected Android device, its data, and its hardware, including its camera and microphone.
“Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe. Qualcomm, a supplier of 80% of the chipsets in the Android ecosystem, has almost as much effect on Android’s security as Google. With this in mind, we decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.”
– Adam Donenfeld, Senior Security Researcher, Check Point.
The list of devices affected by Quadrooter contains quite a few household names, including Google’s Nexus 5X, Nexus 6 and Nexus 6P. The Samsung Galaxy S7 and S7 Edge are also affected. Although three of the flaws have been fixed, these devices will stay vulnerable for quite a while longer: the last patch will only be released in September, according to a Google spokesperson.
You can check if your smartphone is vulnerable using Check Point’s Quadrooter scanner app.
