Android Security Flaw 'QuadRooter' Hits 900 Million Devices

Researchers have discovered a set of security flaws that could leave more than 900 million Android smartphones and tablets vulnerable to hackers.

Kelly Sheridan, Staff Editor, Dark Reading

August 8, 2016

4 Min Read
<p align="left">(Image: Manuel Faba Ortega/iStockphoto)</p>

10 Reasons Your Data Vision Will Fail

10 Reasons Your Data Vision Will Fail


10 Reasons Your Data Vision Will Fail (Click image for larger view and slideshow.)

A set of four security vulnerabilities could affect nearly one billion Android smartphones and tablets equipped with Qualcomm chipsets, as discovered by Check Point.

The security firm's mobile research team has dubbed the set of flaws "QuadRooter." Its research findings were shared during a session at hacking conference DEF CON, which took place August 4-7 in Las Vegas.

Qualcomm is the world's top designer of LTE chipsets, Check Point explained, and has captured a 65% share of the LTE modem baseband space. The recently discovered vulnerabilities has left 900 million Android devices vulnerable to hackers.

[Read: Ransomware attacked nearly 50% of businesses in 2015.]

A hacker who wanted to exploit any one of these vulnerabilities could do so through a malicious app. The app wouldn't need any special permissions to take advantage of the device, so an unsuspecting user may install it without thinking twice.

If successful in getting a user to download the app, a hacker could gain root access and assume full control over the device. This would give the attacker free access to key business data, and to capabilities like GPS tracking or video and audio recording.

"Without an advanced mobile threat detection and mitigation solution on the Android device, there is little chance a user would suspect any malicious behavior has taken place," wrote the Check Point mobile research team in a blog post.

Some of the most recent and popular Android devices are affected by QuadRooter. These include the BlackBerry Priv, Blackphone 1, Blackphone 2, Google Nexus 5X, Nexus 6, Nexus 6P, HTC One, HTC M9, HTC 10, LG G4, LG G5, LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2, OnePlus 3, Samsung Galaxy S7, Samsung S7 Edge, and Sony Xperia Z Ultra.

QuadRooter was discovered when Check Point decided to analyze Qualcomm code in Android devices, explained senior security researcher Adam Donenfeld in his DEFCON presentation summary. Google has recently made several changes to improve security, he noted, but Qualcomm's efforts have an equal effect on Android device protection.

"During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems," Donenfeld wrote.

All Android smartphones and tablets equipped with Qualcomm chipsets are at risk. The QuadRooter vulnerabilities are found in drivers that manage communication between different parts of the chipsets, wrote Check Point.

Because drivers are pre-installed on the devices, the flaw can only be fixed with a patch provided by the carrier or distributor. Carriers can only provide the fix after Qualcomm gives them the fixed driver packs.

According to a Qualcomm spokesperson, the company had addressed all of the flaws and had provided patches to the open-source community, customers, and partners by the end of July, reported ZDNet.

Most fixes have been included in Android's monthly security updates, which Google provides on a monthly basis for its Nexus product lineup. Google addressed three flaws in its latest set of monthly security fixes, but one still remains, because the final patch was delayed. It will be addressed in the September batch of fixes, which will arrive towards the beginning of the month.

"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," predicted Michael Shaulov, head of Check Point's mobility product management, to the BBC. "It's always a race as to who finds the bug first, whether it's the good guys or the bad."

For IT managers, Check Point has a few recommendations for protecting employee devices from QuadRooter-related attacks.

Device users should install the latest Android updates as soon as they are available and fully understand the risk of rooting a device, whether intentionally or as the result of an attack. App installation requests should be fully vetted and avoided if they require a large amount of data or battery life.

Employees often use Android devices for personal and business use. For these users, the firm recommends businesses launch a mobile security solution for detecting threats and a personal mobile security product to monitor devices.

About the Author

Kelly Sheridan

Staff Editor, Dark Reading

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights