QuadRooter vulnerability affects Android devices
Four newly discovered Android vulnerabilities have been announced by mobile researchers from Check Point Software Technologies Ltd at Def Con 24 in Las Vegas. The vulnerabilities affect more than 900 m Android smartphones and tablets and could provide attackers with complete control of the devices, as well as access to sensitive data.
Check Point calls the set of vulnerabilities QuadRooter. If exploited, they could also provide an attacker with capabilities such as keylogging, GPS tracking and recording video and audio. They are found in the software drivers Qualcomm ships with its chipsets and can be exploited using a malicious app. The app would require no special permissions to take advantage of the vulnerabilities, which means it would not make users suspicious.
Since the vulnerable software drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the device’s distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.
Michael Shaulov, head of mobility product management for Check Point, said, “The supply chain is complex, which means every patch must be added to and tested on Android builds for each unique device model affected by the flaws. This process can take months, leaving devices vulnerable in the interim, and users are often not made aware of the risks to their data. The Android security update process is broken and needs to be fixed.”
Check Point researchers provided Qualcomm with information about the vulnerabilities in April 2016. The team then followed the industry-standard disclosure policy (CERT/CC policy) of allowing 90 days for Qualcomm to produce patches before disclosing the vulnerabilities. Qualcomm reviewed these vulnerabilities, classified each as high risk and has since released patches to original equipment manufacturers (OEMs).
Affected devices include Samsung Galaxy S7 & S7 Edge, Sony Xperia Z Ultra, Google Nexus 5X, 6 & 6P, HTC One M9 & HTC 10, LG G4, G5 & V10, Motorola Moto X, OnePlus One, 2 & 3, BlackBerry Priv and Blackphone 1 & 2.
Avanade launches Microsoft-powered AI services
Avanade has launched a line of seven new services designed to help mid-market APAC businesses...
ServiceNow adding new GenAI capabilities
ServiceNow is adding more than 150 new generative AI tools and features to its Now Platform,...
Snowflake expands AI Data Cloud portfolio
Enterprise AI company Snowflake has announced two new additions to its AI Data Cloud portfolio...