QUADROOTER ANDROID MOBILE SECURITY BUG
A recent bug with serious flaws has been discovered on tens of millions of Android devices, that could give attackers complete access to your Android based phone and it’s data. The bug was uncovered by Checkpoint researchers looking at software running on lots of chipsets manufactured by US firm Qualcomm, whose processors are in about 900 million Android phones.
“I’m pretty sure you will see these vulnerabilities being used in the next three to four months,” said Michael Shaulov, head of mobility product management at Checkpoint. “It’s always a race as to who finds the bug first, whether it’s the good guys or the bad.”
Mr Shaulov said that it had taken some six months of work to reverse engineer Qualcomm’s code before it revealed the problems. The shortcomings were found within software that handles the graphics and in source code that controls communication between the different processes running inside the phone.
AFFECTED MOBILE PHONES
Some of the affected devices included BlackBerry Priv, Blackphone 1 and Blackphone 2, Google Nexus 5X, Nexus 6 and Nexus 6P, HTC One, HTC M9 and HTC 10, LG G4, LG G5, and LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2 and OnePlus 3, Samsung Galaxy S7 and Samsung S7 Edge, Sony Xperia Z Ultra as well as many more.
This allows an attacker to craft a malicious app which can do almost anything on the phone – a flaw called “privilege escalation” and being able to exploit the bug allows attackers to take control over a device and gain access to its data. It is reported that Checkpoint has handed information about the bugs and proof of concept code to Qualcomm earlier this year.
Qualcomm have created ‘patches’ for the bugs, and started to install these patches into the fixed versions in its factories. It has also distributed the bug-patches to manufacturers of the mobile phones affected, and also mobile network providers. However, it is not clear how many of those companies have issued updates to customers’ phones.
The vulnerability is the most widespread seen in the Android platform since 2015’s Stagefright bug, which affected the operating system’s media handling technology. That bug affected the vast majority of Android phones, even after the security researcher who discovered it gave manufacturers 90 days advance warning to fix the problems before going public.
CHECK IF YOUR MOBILE IS AFFECTED
Checkpoint has created a free app called QuadRooter Scanner that can be used to check if a phone is vulnerable to any of the bugs, by looking to see if the patches for them have been downloaded and installed.
In addition, Mr Shaulov said Android owners should only download apps from the official Google Play store to avoid falling victim to malicious programs. People should call whoever sold them their phone, their operator or the manufacturer, and beg them for the patches,” said Mr Shaulov.
GET PROTECTED NOW!
Click on one of the image links below, for more details on two highly recommended Mobile Phone and PC Internet security software programs, that will protect you, your home computer and your personal mobile phone contents from being attacked…