Wednesday , October 18 2017

New Quadrooter vulnerability shows why you should stick to Google Play for downloading your apps

QuadRooter
Another day, it seems like there’s another security scare for Android users, but as with most cases there’s no need to panic. At DEFCON24, a security conference held early this month in Las Vegas, security researchers Check Point Mobile announced a new vulnerability for Android users called Quadrooter, that potentially affects 900 million devices.

The vulnerability affects Qualcomm devices, which is where the big scary number comes from. Apparently Qualcomm devices make up around 65% of the Android device users base, with phones from most of the major manufacturers including Sony, Samsung, HTC, Motorola and of course even the Google designed Nexus series.

So, what is Quadrooter? Well, according to the CheckPoint Mobile team:

QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.
So, basically it can get root access to your device, if you are infected.

But, the good news is if you’re not into downloading apps from third-party stores and keep the ‘Install from Unknown Sources’ check box unchecked in Settings, you should be fine. Additionally, Qualcomm told ZDNET that the flaws had been fixed in patches issued to Google between April and the end of July who have added them to the monthly Android Security updates, with a final fix set to arrive in next months September update.

So if your device is receiving the monthly Android security patches, you should be fine. That said, in line with that missing fix, my Nexus 6P on the August 5th security patch is still showing as vulnerable thanks to a single CVE.

Can you also check to see if your device is vulnerable? Yes, yes you can. Check Point Mobile have of course released a QuadRooter Scanner app into Google Play which you can use to see if you have vulnerabilities that require patching. The best thing you can do for now is to wait for the patch to arrive and install it when it does, and continue to not download apps outside of Google Play.

It’s a jungle out there, but Google seems to be doing a pretty good job at keeping up to date with this stuff, so stay within Google Play and you should be fine.

QuadRooter Scanner
QuadRooter Scanner
Developer: Check Point Labs
Price: Free
 
Source: Checkpoint.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

3 Comments on "New Quadrooter vulnerability shows why you should stick to Google Play for downloading your apps"

avatar
Sort by:   newest | oldest | most voted
Member

Samsung note 4 that just got marshmallow has 3/4 vulnerabilities unpatched.

Member

Why is it so easy for hackers to get root access to my phone but, depending on the model, so difficult for me to root my phone?

DontTry ThatOnMe
Valued Guest
DontTry ThatOnMe

You don’t qualify to be a hacker.

wpDiscuz

Check Also

Check for update button is no longer a Placebo in Android

The frustration of Google’s long, slow trollout for updates is almost palpable after a new …