Vulnerabilities are not exactly something new for Android, but the one that is caused due to Qualcomm chipset is something new. Checkpoint has unearthed a set of four vulnerabilities that would eventually end up affecting 900 million Android smartphones and tablets with Qualcomm chipsets. The vulnerability is dubbed as “QuadRooter” and as one might deduce from the name it has everything to do with gaining a root access to a device.
Qualcomm has been one of the leading LTE chip makers and as a result, it commands a market share of 65 percent when it comes to LTE modem. The vulnerability in question is capable of triggering an escalation which would eventually give away the root access for the attackers. Modus Operandi goes as follows, the attacker makes use of a malicious app which would not require any special permissions. The attacker will now gain access to the device, provided that he successfully exploits any one of the fours exploits.
Once exploited the vulnerability will give the attacker a full-fledged access to the phone’s hardware including camera and microphone. The following phones are vulnerable to the flaws, Google’s Nexus 5X, Nexus 6, Nexus 6P, HTC One M9, HTC 10, Samsung Galaxy S7 and S7 Edge. Interestingly the recently launched Blackberry DTEK50, which is being positioned as the most secure Android phone is also one in the list.
Thankfully, Google has already pushed the patch for its Nexus phones via the monthly security updates but still one of the vulnerability is yet to be addressed. Google says that the last of the QuadRooter vulnerability will only be announced in September and the delay is due to the position assumed by Qualcomm in the development chain. This is what Micheal Shaulov, head of mobility product management at Check Point had to say “Qualcomm has a significant position in the development chain, in that a phone maker isn’t taking the Android open-source code directly from Google, they’re actually taking it from Qualcomm.”
In a nutshell, both Apple and Google have often been blamed for the complex route a patch has to negate before landing up on a user’s smartphone. The companies should create a faster channel for facilitating critical security updates and thus eventually shrink the resolution time. As a user, we would suggest you to refrain from installing third party apps from unknown sources and also update the device regularly. Open Wi-Fi is a strict no-no, especially now. Additionally, one can also download QuadRooter app from Checkpoint and scan their device for vulnerability.