According to the latest report from Check Point mobile threat research team, there’s a set of four new vulnerabilities called ‘Quadrooter’ that has affected more than 900 million Android smartphones which is powered on Qualcomm chipsets. In case any of these four vulnerabilities gets exploited, the hacker can get the root access to your device. The attacker can exploit these vulnerabilities using a malicious app which requires special permission, which also means you will never know about this app getting installed and exploiting the device.
Most of the latest flagship smartphones today in the market powered Qualcomm chipsets, such as the following list:
- Samsung Galaxy S7 and Samsung S7 Edge
- OnePlus One, OnePlus 2 and OnePlus 3
- Motorola Moto X
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- Sony Xperia Z Ultra
Here’s a screenshot of affected device by QuadRooter shared by AndroidAuthority:
So, if you are using any of the above listed device or any other device which is running on Qualcomm chipset, you must immediately the QuadRooter Scanner App and make sure your device is safe.
Initially these QuadRooter vulnerabilities are found in software drivers which usually ship with Qualcomm chipsets during the manufacturing. Hence the only way to fix them is by installing a patch from distributor or carrier. What measures can we take to safe and not get affected by Quadrooter vulnerability, this is what Check Point recommends:
- Download and install the latest Android updates as soon as they become available. These include important security updates that help keep your device and data protected.
- Understand the risks of rooting your device – either intentionally or as a result of an attack.
- Examine carefully any app installation request before accepting it to make sure it’s legitimate.
- Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources. Instead, practice good app hygiene by downloading apps only from Google Play.
- Read permission requests carefully when installing any apps. Be wary of apps that ask for permissions that seem unusual or unnecessary or that use large amounts of data or battery life.
- Use known, trusted Wi-Fi networks or while traveling use only those that you can verify are provided by a trustworthy source.
- End users and enterprises should consider using mobile security solutions designed to detect suspicious behavior on a device, including malware that could be obfuscated within installed apps.