Qualcomm-powered Android devices vulnerable to QuadRooter flaw [updated]

HIGHLIGHTS

The vulnerabilities could potentially give an attacker root access to a device

Over 900 million Android phones using Qualcomm chipsets may come with vulnerabilities that could potentially allow hackers to take full control of a device. According to a report released by security firm Check Point, Qualcomm-powered Android devices might be affected by a set of four vulnerabilities collectively called QuadRooter. If any one of the vulnerabilities is exploited, an attacker could trigger privilege escalations and gain root access to a device. An attacker will be able to exploit these vulnerabilities via a malicious app. Check Point also notes in its report that these malicious apps require no special permissions to take advantage of these vulnerabilities, which in turn alleviates any suspicions that a user might have. Once the attacker has gained access, they will be able to perform other operations such as removing system-level files, adding or deleting apps, or even accessing the device’s hardware.

The vulnerabilities are located in Qualcomm’s software drivers that come with its chipsets. The drivers are then incorporated into the various Android builds developed by manufacturers for their devices. Since they are installed during manufacturing, these drivers can only be fixed by installing a patch from the distributor or carrier. Check Point stated that it provided Qualcomm with information about the vulnerabilities back in April 2016. Qualcomm has reviewed these vulnerabilities and classified them as high risk. The chipset manufacturer has also confirmed that it has released patches to original equipment manufacturers (OEMs). As per the report, devices from major OEMs like Samsung, HTC, Huawei, OnePlus, LG and more are amongst those vulnerable. We have reached out to Qualcomm, OnePlus and Huawei for a comment and will update the story once we get a response from them.

[Update] OnePlus has responded to our queries and stated, "Security is a top priority for OnePlus. The relevant security patches will be included in the next OTAs for all OnePlus devices officially running on OxygenOS." This also included OnePlus One devices running on Cyanogen.

Shrey Pacheco

Writer, gamer, and hater of public transport.