There are four new vulnerabilities that affect as many as 900 million Android smartphones – yours might be one of them.
Check Point yesterday sent word out that it had discovered four vulnerabilities in Qualcomm chipset software drivers. The vulnerabilities were given the name “QuadRooter” as they would give an attacker root access to an Android smartphone.
“Any Android device built using these chipsets is at risk,” said Check Point.
“The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices.”
One of the risks with this is that an attacker could plant malware inside an app and have it install on a smartphone. With root access, there may be no warning to the user that a malicious app is being installed.
Of greatest concern is that the vulnerabilities are present in some of the latest Android smartphones, including:
- Samsung Galaxy S7 and S7 Edge
- LG G5, LG G4
- BlackBerry Priv
- Sony Xperia Z Ultra
- HTC One, HTC M9 and HTC 10
How to check if you’re at risk
If you breathed a sigh of relief after not seeing your handset on that list, be warned: because of Qualcomm’s ubiquity in the Android smartphone market, you might still be at risk.
For that reason we recommend using Check Point’s QuadRooter Scanner, available for free on the Google Play Store.
Keep in mind that this app will simply tell you if your handset has one or more of the QuadRooter vulnerabilities. We scanned a CAT S60 as well as a Samsung Galaxy A3 here in the office and discovered that both contained vulnerabilities, so we highly recommend scanning your handset today.
The fix is coming, slowly
Fixing these vulnerabilities is a tough process, but it is happening. Check Point says that because the drivers are installed during the manufacturing process, patches need to be delivered by manufacturers.
“This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data,” explained the security firm.
That said, three of the four vulnerabilities have been patched, with a fix for the fourth incoming, according to The Register.
Until those patches are live, though, be sure to exercise these precautions to protect both your smartphone and the information contained within.
- Avoid side-loading applications. Only use the Google Play Store to download apps.
- Only use WiFi networks you know and trust.
- Read through application permission requests. If something seems suspicious, don’t grant the permission.
- Install a mobile security solution that monitors your smartphone or tablet for suspicious activity.