Just in:
Renewables Surge Sets Record, But Global Equity Lags // Arvind Kejriwal Was Used By BJP In 2011 Movement To Take On The Congress // HSBC Streamlines Gold Investment for Hong Kong Residents with Tokenized Product // Sunshine’s Debut Features Leave Tech World Scratching Its Head // In Lok Sabha Polls In Punjab, AAP Is Advantageously Placed As Against Its Three Rivals // Lisboeta Macau’s world first LINE FRIENDS PRESENTS CASA DE AMIGO and BROWN & FRIENDS CAFE & BISTRO has officially opened // German Job Market Resilience Bodes Well for Economic Recovery // Near Miss at Kolkata Airport: IndiGo Plane Makes Contact with Stationary Air India Express // Infineon and HD Korea Shipbuilding & Offshore Engineering jointly develop ship electrification technology // Andertoons by Mark Anderson for Thu, 28 Mar 2024 // Experience Ultimate Shopping Freedom at 4.4 Shopee Spree: Don’t Worry, Shop Shopee! // U.S. Compliance Takes Center Stage at OKX Following Industry Jitters // AI Boost for Galaxy Devices: Samsung Expands One UI 6.1 Update // Court Sides with Coinbase on Wallet Service, But Staking Program Remains in Limbo // Emirates Post Speeds Up Deliveries for GCC with Special Day // AIA Hong Kong Wins More Than 20 Accolades at MPF Ratings MPF Awards, BENCHMARK MPF of The Year Awards and Bloomberg Businessweek Top Fund Awards // Arvind Kejriwal Gets International Heft Against The Deshi Vishwaguru // US reiterates concern over Kejriwal arrest, Cong accounts // Party Nominees Refusing To Contest: Major Perception Threat For BJP // Meta Earth Official Website Launch: The Pioneer Explorer in the Modular Public Blockchain Domain //
HomeWhat's OnQuadrooter Bug Affects 900 Million Android Devices

Quadrooter Bug Affects 900 Million Android Devices

Recently uncovered security flaws could mean trouble for owners of devices that run the Android operating system. Researchers at security firm Check Point recently discovered the vulnerabilities, together labeled Quadrooter, which may affect as many as 900 million Android devices.

Speaking about the discoveries last week at the Def Con security conference in Las Vegas, Adam Donenfeld, Check Point’s lead mobile security researcher, revealed four new privilege escalation exploits that can be used to remotely gain root access to Android handsets.

To gain access, an attacker just has to get the user to install a malicious app. From there the attacker has full access to saved data and can also change or remove system-level files, delete or add apps and gain access to the device’s screen, camera, or microphone, said Donenfeld.

ADVERTISEMENT

Still Vulnerable?

As Donenfeld explained it, Google made several changes in the Android landscape to tighten security, but vulnerabilities have slipped through anyway. He also noted that Google is not the only company struggling to keep Android safe. Qualcomm, which makes 80 percent of the chipsets in the Android ecosystem, has almost as much of an effect on Android’s security as Google.

“If exploited, Quadrooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them,” Check Point said in a blog post. “Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.”

Check Point examined Qualcomm’s code in Android devices, finding what it called multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.

In its Def Con presentation, the company reviewed the privilege escalation vulnerabilities it found and demonstrated a detailed exploitation that bypassed the existing mitigations in Android’s Linux kernel to run kernel-code, elevating privileges and thus gaining root privileges.

App Available

The smartphones at risk of being exploited by the Quadrooter vulnerabilities are: BlackBerry Priv; Blackphone, Blackphone 2; Google Nexus 5X, Nexus 6, Nexus 6P; HTC One, HTC M9, HTC 10; LG G4, LG G5, LG V10; New Moto X by Motorola; OnePlus One, OnePlus 2, OnePlus 3; Samsung Galaxy S7, Galaxy S7 Edge; and Sony Xperia Z Ultra.

Because the vulnerable drivers are pre-installed, they can only be fixed via patches from distributors or carriers. The patches can only be pushed to users by those distributors or carriers once they get new driver packs from Qualcomm.

Check Point is making available a free Quadrooter scanner app that scans users’ Android phones to see if the necessary patches have been downloaded and installed. The scanner app is available at https://www.checkpoint.com/resources/quadrooter-vulnerability-consumer/.

Qualcomm said it has already fixed all four flaws, while Google said it has patched three of them in an update supplied earlier this month. Final debugging will come with Google’s next security update, according to the Android Headlines Web site.

Let’s block ads! (Why?)

ADVERTISEMENT

ADVERTISEMENT
Just in:
Arvind Kejriwal Gets International Heft Against The Deshi Vishwaguru // Universal Language for Healthcare: General Authority Embraces Global Coding System // Sunshine’s Debut Features Leave Tech World Scratching Its Head // Near Miss at Kolkata Airport: IndiGo Plane Makes Contact with Stationary Air India Express // Andertoons by Mark Anderson for Thu, 28 Mar 2024 // Meta Earth Official Website Launch: The Pioneer Explorer in the Modular Public Blockchain Domain // Party Nominees Refusing To Contest: Major Perception Threat For BJP // Court Sides with Coinbase on Wallet Service, But Staking Program Remains in Limbo // U.S. Compliance Takes Center Stage at OKX Following Industry Jitters // HSBC Streamlines Gold Investment for Hong Kong Residents with Tokenized Product // Superland Announced Annual Results for 2023, 2023 Net Profit Increased approximately 39.5% to approximately HK$22.2 million as Compared to the 2022 Adjusted One // No running of govt from jail, says Delhi Lt Governor // Renewables Surge Sets Record, But Global Equity Lags // US reiterates concern over Kejriwal arrest, Cong accounts // Infineon and HD Korea Shipbuilding & Offshore Engineering jointly develop ship electrification technology // Konica Minolta is named ASEAN 2023 Market Leader in Colour Light and Mid Digital Production Printers // Arvind Kejriwal Was Used By BJP In 2011 Movement To Take On The Congress // Ajman Celebrates Conclusion of Ramadan Activities with Grand Ceremony // Sharpening the Focus: Sharjah Health Department Refines Evaluation Criteria for “Healthy Schools Programme” // AI Boost for Galaxy Devices: Samsung Expands One UI 6.1 Update //