Quadrooter vulnerability affects nearly 1 billion Snapdragon powered Android devices

About one billion Android phones and tablets are affected by one to four flaws found in Android phones powered by Snapdragon chipsets. One flaw found with this vulnerability called Quadrooter, can even affect the new BlackBerry DTEK50. The latter has been called "the most secure Android phone in the world" by BlackBerry. Check Point, the security firm that discovered Quadrooter, says that other handsets like the Nexus 5X, Nexus 6, Nexus 6P, HTC One M9, HTC 10, Samsung Galaxy S7 and Samsung Galaxy S7 edge can be attacked. Phones that are affected are powered by the Snapdragon chipset.

For a user's phone to be attacked, he or she would have to be tricked into installing a malicious app onto their handset. No special permissions are required to install it, and affected phones can be completely controlled by the hacker. For this to happen, the hacker must successfully exploit one of the four flaws thus giving him (or her) root access to the phone. Once that is accomplished, the invader gains access to the camera, microphone, data and all of the remaining hardware.

Qualcomm says that between April and July, it fixed all of the flaws and sent out patches to partners, customers, and those in the open source community. Those patches have been included in the monthly security update sent out by Google to Nexus models, and rolled out by other manufacturers to their own phone and tablet creations.

Because one of the patches wasn't ready in time to be included in the August update, one of the remaining flaws remains vulnerable. That patch is expected to be sent out with the September update that will go out just after next month starts. Since Qualcomm has sent out patches directly to its manufacturing partners, some of them could send out the the last fix before Google's September update.

According to Michael Shaulov, head of mobility product management at Check Point, "No-one at this point has a device that's fully secure. That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google."

source: ZDNet

FEATURED VIDEO

214 Comments

1. Mxyzptlk unregistered

I thought Android was supposed to be secure. What will they use as an excuse this time?

3. xondk

Posts: 1904; Member since: Mar 25, 2014

This is not android itself, it is the processor, _anything_ with a snapdragon processor is vulnerable, so this is entirely on Qualcomm.

6. Rafishant

Posts: 405; Member since: Oct 13, 2015

After the disastrous Snapdragon 810, here comes Qualcomm surprise us with this one

9. bambamboogy02

Posts: 842; Member since: Jun 23, 2012

Wow, PA, way to half ass give out s**t information. You guys completely ignored the fact this affects the users who side load apps. That's how other apps get downloaded which then roots using 4 different ways, and 3 have already been patched.

22. AlikMalix unregistered

You have very good point and I wasn't going to "dance on any grave", but when it comes to iOS vs android - same people that defend these exploits are the same people that give android the crown for allowing such abilities as side loading apps, because it's "open" platform and lets users do "whatever" they want "#freedom", right? Well which is it, is the open source a blessing or a curse? Seems like it depends on whether we're talking about androids problems or iOS capabilities. Since I'm on that topic, it also relates to the "android had this for years" comments. When it's something iPhone implemented that was on some android phone before - it's "android had it for years" even though none except some forked version of Samsung J series device in China had it - but "android had it for years" credit given as if yeveryone had it, but when there's an issue with certain devices - "oh it's just that device, you should get a nexus, don't get Samsung" ----> why all of a sudden "android isn't an issue". It's either "all android against iPhone" or "individual forked version/device against iphone". But you guys seem to choose play the enormity of all manufacturers against iPhone when it suits you, but "it's only if this one thing on android - not all" when it doesn't suit your argument!!!! I have not seen one device that represents all of androids greatest features and none of the drawbacks. For every argument against iPhone features you'd have to carry at least two devices of android to, for example: 1. get timely updates (if you get problems like the above) and 2. get nice features like s-pen and nice camera on a device which will probably yield only one major update in the next two years and that would be at least 6months late. Am I not being fair here?

31. meanestgenius

Posts: 22504; Member since: May 28, 2014

Alik, why are you even mentioning this as an iOS vs Android thing? Are you trying to start a flame war? There is no way that you can complain about Android fans constantly brining up Apple/iOS in articles not related to them when you are doing the same thing here.

32. Mxyzptlk unregistered

Because he's making a very good point.

42. meanestgenius

Posts: 22504; Member since: May 28, 2014

Not to me. Seems like hypocrite talk. Something you're familiar with.

65. Mxyzptlk unregistered

Seems like denial coming from your comments.

67. meanestgenius

Posts: 22504; Member since: May 28, 2014

The only one in denial here is you about your trolling.

87. Mxyzptlk unregistered

And what makes you think I'm trolling?

100. meanestgenius

Posts: 22504; Member since: May 28, 2014

Get real.

156. Mxyzptlk unregistered

In other words, you're deflecting?

173. meanestgenius

Posts: 22504; Member since: May 28, 2014

No. You are deflecting from your obvious trolling.

218. Mxyzptlk unregistered

Yeah, you're done again. Just be quiet.

221. meanestgenius

Posts: 22504; Member since: May 28, 2014

You first, troll.

279. Mxyzptlk unregistered

You're done. You've been schooled. Any further bs from you will be referred back to this comment proving my point.

280. meanestgenius

Posts: 22504; Member since: May 28, 2014

BWAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHA​!!! Says the troll that's still responding after I've long forgotten about how I totally destroyed him in this comments section.

290. Mxyzptlk unregistered

Whatever. I'm done making you look like a tool.

291. meanestgenius

Posts: 22504; Member since: May 28, 2014

In other words: "Meanestgenius has made me look like the troll that I am for 3 days straight! I can't take it anymore...I'm outta here!" There. I fixed your post for you.

37. AlikMalix unregistered

MG, all due respect, (you are right). But I was trying to make this point for a while, this is just an example post that I needed to make the point.

49. meanestgenius

Posts: 22504; Member since: May 28, 2014

You should make it when it's relevant, and on a relevant article. Not only does it make you look like a troll (and you're not), but it gets the other trolls here all giddy.

61. AlikMalix unregistered

Well I waited for an article about how clever trolls get - but I don't think it's coming.

66. Mxyzptlk unregistered

Oh so it's not relevant now? The only one who is giddy here is you because you have yourself a buffet wide open right now.

70. meanestgenius

Posts: 22504; Member since: May 28, 2014

It isn't relevant. Even Alik admitted it, and he admitted that I'm right. But when anyone trolls, you get all giddy. You feed off of trolling and you know it.

88. Mxyzptlk unregistered

I think you're letting your ego cloud your poor judgment.

101. meanestgenius

Posts: 22504; Member since: May 28, 2014

I think you're letting your trolling cloud yours.

157. Mxyzptlk unregistered

I think you're just hopping on the bandwagon because you know I'm right.

175. meanestgenius

Posts: 22504; Member since: May 28, 2014

I *know* you're just trolling, and know you're playing the victim role, as usual and right on cue.

219. Mxyzptlk unregistered

You mean like you do whenever you're called out?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.