Flaws in Qualcomm Chipset Pose Security Risk for Android Devices

 
 
By eWEEK Staff  |  Posted 2016-08-10 Print this article Print
 
 
 
 
 
 
 

DAILY VIDEO: Qualcomm vulnerabilities put 900 million Android devices at risk; Fedora Linux Account System patched for serious flaw; CTO of Google's self-driving car initiative quits; and there's more.

 

 
Most Note7 Owners Choosing New Note7 Replacements Over Alternatives

DAILY VIDEO: Most Note7 owners want new Note7 replacements, Samsung claims; HPE and Dell unveil...

Google Tablet, Laptop to Run Android, Chrome OS Hybrid: Report

DAILY VIDEO: Google plans tablet and laptop running Android, Chrome OS hybrid; Salesforce releases...

Windows Server 2016 Debuts at Microsoft Ignite Conference

DAILY VIDEO: Microsoft's Windows Server 2016 debuts at Ignite conference; Docker now runs on Windows...

Salesforce, Other Suitors Reportedly Considering Twitter Buyout

DAILY VIDEO: Salesforce reportedly considering buying Twitter; Apple unveils public version of iOS...

Apple iPhone 7 Users Report 'Hissing' Noise That May Prove Innocuous

DAILY VIDEO: "Hissing" iPhone 7s reported, but that may be a normal noise; Microsoft delivers Version...

Google Smartphone, VR Headset Expected to Debut at Oct. 4 Event

DAILY VIDEO: Google expected to unveil smartphone, VR headset at Oct. 4 event; Ellison claims...

Samsung Says Green Charging Light Hallmark of Safe Note7 Handsets

DAILY VIDEO: Samsung Note7 recall update: How to ID a non-defective handset; Oracle launches a major...

Google to Roll Out Allo Messaging App on Sept. 21: Report

DAILY VIDEO: Google reportedly launching Allo messaging app Sept. 21; Intel, GE partner to make...

iPhone 7 Plus So Far More Popular Than iPhone 7

DAILY VIDEO: iPhone 7 sales patterns contrast with those of iPhone 6 and 6s; mobile carriers unveil...

Apple Says iPhone 7 Sales Start With Some Models Already Sold Out

DAILY VIDEO: Apple says some iPhone 7 models are already sold out; Qualcomm pushes for more dual...



Read more about the stories in today's news:

 
 
 

Today's topics include the vulnerabilities found in a Qualcomm chipset that put 900 million Android devices at risk, the patch to a critical security flaw in the Fedora Linux Account System, the sudden departure of the CTO for Google’s self-driving car project and Google's acquisition of cloud software marketer Obitera.

A set of security vulnerabilities in Qualcomm chipsets has put 900 million Android smartphones and tablets at risk of being taken over by hackers, according to researchers at security technology vendor Check Point Software.

At the DefCon 24 show in Las Vegas Aug. 7 and in a post on the company blog, Adam Donenfeld, a security researcher with Check Point outlined the four vulnerabilities that he has pulled together under the name QuadRooter.

The security flaws in the Qualcomm chipsets would allow hackers to gain unrestricted access to personal and corporate information stored on the affected Android devices, Donenfeld wrote in the blog post. Check Point reported the vulnerabilities to Qualcomm between February and April and the vendor has released fixes for all four.

Fedora Linux and Red Hat are investigating the potential impact of a major vulnerability that was first disclosed Aug. 8. The flaw in the Fedora Account System could have enabled an unauthorized user to make changes to the system. Fedora is Red Hat's community Linux effort.

"This flaw would allow a specifically formatted HTTP request to be authenticated as any requested user," Paul Frields, engineering manager at Red Hat, wrote in a mailing list message.

"If the authenticated user had appropriate privileges, the attacker would then be able to add, edit, or remove user or group information."

The vulnerability has already been patched in the production version of FAS, Frields said, adding that the infrastructure team is in the process of investigating the issue to see if the vulnerability was ever exploited.

Chris Urmson, chief technology officer of Google parent Alphabet's autonomous car initiative, has left the project apparently to explore other opportunities.

Urmson has been part of the self-driving car project for seven and a half years since leaving Carnegie Mellon University to join Google. "I've decided the time is right to step down and find my next adventure," Urmson wrote in a post on Medium.

"After leading our cars through the human equivalent of 150 years of driving and helping our project make the leap from pure research … I am ready for a fresh challenge." Urmson's departure is the latest in a series of recent high-profile exits from the project.

It isn't often that Google, with its 58,000 employees and numerous partners and contractors around the world, has to go and find innovation outside its fiefdom.

But that's what it did Aug. 8, when the web services giant acquired Orbitera, a West Hollywood, Calif.-based startup that has developed a platform for buying and selling cloud-based software, something Google did not already have at its disposal.

Terms of the deal were not announced, but TechCrunch reported that the price was just over $100 million. The latest addition to its cloud platform will help Google compete with Amazon Web Services, Microsoft and Salesforce in delivering enterprise services, and specifically selling enterprise services in the cloud.

 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel