Not again: Over 900 million Android devices affected by QuadRooter vulnerability
Over 900 million Android devices are said to be impacted by four vulnerabilities related to Qualcomm chipsets. Referred to as QuadRooter, any one of the four vulnerabilities can allow an attack to gain root access to an Android smartphone or tablet. This ostensibly gives an attacker complete control of a device, and can provide capabilities such as keylogging, GPS tracking, the ability to remotely record video or audio.
QuadRooter was uncovered by security firm Check Point, who says any Android device with a Qualcomm chipset is at risk. Samsung, LG, Motorola, HTC, Sony, BlackBerry, and Google Nexus devices all typically rely on Qualcomm chips (although flagship Samsung smartphones sold in Australia have typically used Samsung-made chipsets as of late). The vulnerabilities exist within a device’s drivers, and as such, require a software update to amend. Qualcomm will first need to distribute an update to manufacturers, who will then need to create and distribute patches for each affected smartphone.
While it will inevitably take time for manufactures to address the vulnerability, Android users can protect themselves by only installing reputable apps from the Google Play Store. Users should also read permission requests carefully when installing any app, and be wary of apps that ask for permissions that seem unnecessary. Side-loading apps and installing apps from third-party should be avoided.
Even if flagship handsets get patched, many more affordable Android devices may never see software or security updates that address QuadRooter. As of March this year, over 850 million Android devices were affected by Stagefright, a year old Android vulnerability that allows hackers to hijack a phone through via malicious MMS. While some of this is due to older devices not being able to upgrade to the newer versions of Android, this is also a result of manufactures who often sell devices at a cheap price point with the intention of providing very little post-purchase support.
CheckPoint has made app that allows Android device owners to check if their phone is affected by QuadRooter. It is available on the Google Play Store.