Qualcomm pretty much dominates the mobile processor market for Android devices, and a set of security flaws found in the company’s chips could put all those smartphones and tablets at risk. “QuadRooter,” which was revealed by security firm Check Point over the weekend, makes more than 900 million Android devices vulnerable to attack.
QuadRooter is comprised of four different vulnerabilities in Qualcomm’s code that make it possible to control a device remotely, access private data and use the camera or microphone. Check Point uncovered the flaws earlier this year and gave Qualcomm three months to issue a fix before revealing its findings at the Def Con hacker convention in Las Vegas.
“Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier,” Check Point explained. “Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm. This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.”
All a hacker needs to do is trick you into downloading a malicious app that doesn’t require any special permissions. QuadRoot affects most major Android devices, including the Nexus 5X, Nexus 6P, Galaxy S7, Galaxy S7 Edge, OnePlus One, OnePlus 2, OnePlus 3, LG G4, LG G5, LG V10, HTC 10 and even BlackBerry’s super-secure DTEK50.
Thankfully, Qualcomm has already released security fixes to patch three vulnerabilities, with the fourth fix coming next month. You can also download a special QuadRooter Scanner app from Check Point to see if your device is affected via the source link below.