900 Million+ Android Phones affected with Quadrooter Flaw, How to Check your Phone

What is Quadrooter?

Quadrooter, as the name suggests, is a set of four vulnerabilities affecting Android devices running on Qualcomm chipsets. So using any of these four vulnerabilities, an attacker can exploit a device by gaining root access to users’ phone. It is reported that over 900 million Android devices running on these Qualcomm chipsets. Qualcomm also launched the new Snapdragon 821 recently, which is upto 10 percent powerful than the 820.

Yes, that’s a lot of devices, and all these are affected by the ‘high’ risk privilege escalation vulnerabilities. With this, it would be easy for an attacker to trick the user into installing a malicious application. If any of these flaws are successfully exploited, then the attacker can gain root access. This would give a full access to the affected device to the attacker. This also includes all the Data, hardware like Microphone and camera.

Popular devices affected by this Vulnerability:

So as mentioned earlier, the devices running Qualcomm Chipsets are vulnerable to this attack. Google’s Nexus 5X, Nexus 6, and Nexus 6P, HTC’s One M9 and HTC 10, OnePlus One, OnePlus 2 and OnePlus 3, LG G4, LG G5, and LG V10, and Samsung’s Galaxy S7 and S7 Edge are some of those named vulnerable to one or more of the flaws. There will be more, but as of now, these are the confirmed ones. The recently launched Blackberry Dtek50, which the company claims to be the most secure Android smartphone in the world, is also vulnerable to this. According to a Qualcomm’s spokesperson, the chipmaker has fixed all of the flaws and had issued patches to customers, partners and also the open source community.

RECOMMENDED : The secrets of malware success in the Google Play Store and why Google can’t stop it.

Quadroter-flaw

Also, most of these fixes have already gone into Android’s monthly set of security patches, which Google is rolling out early each month to its Nexus smartphone owners. So it is just about the time that other manufacturers also roll out those patches at the same time or in following days. It is expected that Google will be rolling out these fixes with the September security patch. So none of the devices will see a patch for this until next month. Note that, three out of four of these flaws have been fixed, but one is still outstanding, largely because the final patch wasn’t issued in time.

How could this happen? You ask?

If you’re wondering how such a huge security flaw could come about, it’s really down to how Android phones are manufactured. Unlike Apple’s devices, which are designed and manufactured entirely in-house, Android phones are built in two stages. Google creates the software and third-party companies – such as Qualcomm – design and build the chips and hardware. Just by outsourcing this process, Android devices are more at risk of a high-level flaw, as it’s more difficult for Google to ensure complete security.

Michael Shaulov, head of mobility product management at Check Point, told Zack Whittaker from Zero Day on the phone two weeks ago of his frustration at the challenge faced with fixing the Quadrooter flaws.

“Qualcomm has a significant position in the development chain, in that a phone maker isn’t taking the Android open-source code directly from Google, they’re actually taking it from Qualcomm,” he said.

Shaulow explained that this only complicates the patching process, which led to the delay in getting the final fix out in time to meet Check Point’s three-month period of private disclosure.

“No-one at this point has a device that’s fully secure,” he said. “That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google.”

In other words, blame the complex, messy supply chain.

ALSO READ : Apple iOS vs Google Android: Which is the more secure smartphone OS?

How to check 

To check if your device is affected, you can download an application from the Play Store called the QuadRooter Scanner. It will scan your device and show the results as shown below. In our case, it shows all these vulnerabilities. This application also gives detailed information about the same. With that being said, we have to patiently wait for the September security patch from Google and then wait for the smartphone manufacturer to roll these patch out. Stay tuned for more info on this.

7 thoughts on “900 Million+ Android Phones affected with Quadrooter Flaw, How to Check your Phone

  1. Pingback: Samsung Pay Vulnerability allows Hackers to make Fraudulent Transactions | Verdict

  2. Pingback: Google can already protect most Android phones from the QuadRooter threat | Verdict

  3. Pingback: Linux TCP data snooping flaw haunts 1.4bn Android devices | Verdict

  4. Pingback: Samsung Galaxy Note 7 gets its first OTA Update | Verdict

  5. Pingback: BlackBerry ‘Argon’ likely to be released as the DTEK60 and with a fingerprint scanner this time | Verdict

  6. Pingback: Pork Explosion : Another critical vulnerability that affects several Adroid smartphones | VERDICT

  7. Pingback: Pork Explosion : Another critical vulnerability that affects several Android smartphones | VERDICT

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s