Home » News » Mobile Phones » Qualcomm-powered Android devices vulnerable to QuadRooter flaw [updated]

Qualcomm-powered Android devices vulnerable to QuadRooter flaw [updated]

By Shrey Pacheco | Updated on 12-Aug-2016
Qualcomm-powered Android devices vulnerable to QuadRooter flaw [updated]
Shrey Pacheco Shrey Pacheco
08 Aug 2016 17:07
HIGHLIGHTS

The vulnerabilities could potentially give an attacker root access to a device

Over 900 million Android phones using Qualcomm chipsets may come with vulnerabilities that could potentially allow hackers to take full control of a device. According to a report released by security firm, Check Point, Qualcomm-powered Android devices might be affected by a set of four vulnerabilities collectively called QuadRooter. If any one of the vulnerabilities is exploited, an attacker could trigger privilege escalations and gain root access to a device. An attacker will be able to exploit these vulnerabilities via a malicious app. Check Point also notes in its report that these malicious apps require no special permissions to take advantage of these vulnerabilities, which in turn alleviates any suspicions that a user might have. Once the attacker has gained access, they will be able to perform other operations such as removing system-level files, adding or deleting apps, or even access the device’s hardware.

The vulnerabilities are located in Qualcomm’s software drivers that come with its chipsets. The drivers are then incorporate into the various Android builds developed by manufacturers for their devices. Since they are installed during manufacturing, these drivers can only be fixed by installed a patch from the distributor or carrier. Check Point stated that they provided Qualcomm with information about the vulnerabilities back in April 2016. Qualcomm has reviewed these vulnerabilities and classified them as high risk. The chipset manufacturer has also confirmed that it has released patches to original equipment manufacturers (OEM). As per the report, devices from major OEMs like Samsung, HTC, Huawei, OnePlus, LG and more are amongst those vulnerable. We have reached out to Qualcomm, OnePlus and Huawei for a comment and will update the story once we get a response from them.

[Update] OnePlus has responded to our queries and stated "Security is a top priority for OnePlus. The relevant security patches will be included in the next OTAs for all OnePlus devices officially running on OxygenOS." This also included OnePlus One devices running on Cyanogen.

Shrey Pacheco

Shrey Pacheco

Writer, gamer, and hater of public transport. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo