Flaws in Qualcomm Chipset Pose Security Risk for Android Devices

By eWEEK Staff  |  Posted 2016-08-10 Print this article Print

DAILY VIDEO: Qualcomm vulnerabilities put 900 million Android devices at risk; Fedora Linux Account System patched for serious flaw; CTO of Google's self-driving car initiative quits; and there's more.


Facebook Starts 'Journalism Project' to Curb Fake News

DAILY VIDEO: Facebook unveils ambitious project to clean up news feeds; Google rolls out new cloud...

Yahoo to Emerge from Verizon Sale Under New Name: 'Altaba

DAILY VIDEO: CEO, co-founder to leave Yahoo, now known as Altaba; DHS designates election machines,...

Hacker Enters Guilty Plea to Attacks on U.S. Intelligence Officials

DAILY VIDEO: Hacker pleads guilty to attacks against U.S intelligence officials; Google spinoff...

MongoDB Databases Hit by Multiple Groups of Ransomware Attackers

DAILY VIDEO: MongoDB ransomware impacts over 10,000 databases; Labor Department sues Google demanding...

FTC Sues D-Link Over Security Flaws in Routers, IP Cameras

DAILY VIDEO: FTC claims D-Link routers and IP cameras are leaving consumers at risk; Microsoft...

Red Hat Improves Hybrid Cloud Management With CloudForms 4.2

DAILY VIDEO: Red Hat CloudForms 4.2 Improves Hybrid Cloud Management; Virtual Reality-Enabled Windows...

DHS-FBI Report Provides Details on Russian Hacks of U.S. Targets

DAILY VIDEO: DHS-FBI report details Russian malicious cyber activity; U.S. prosecutors charge three...

Amazon Refuses to Give Police Echo Digital Assistant User Transcripts

DAILY VIDEO: Amazon resists warrant for Echo digital assistant user transcripts; South Korea fines...

Congressional Study Concludes Strong Encryption Important for Economy

DAILY VIDEO: Congressional study backs strong encryption essential for U.S. economy; Container...

Security Flaws Detected in Panasonic Airline Entertainment System

DAILY VIDEO: Security vulnerabilities found in airline entertainment systems; Akamai acquires...

Read more about the stories in today's news:


Today's topics include the vulnerabilities found in a Qualcomm chipset that put 900 million Android devices at risk, the patch to a critical security flaw in the Fedora Linux Account System, the sudden departure of the CTO for Google’s self-driving car project and Google's acquisition of cloud software marketer Obitera.

A set of security vulnerabilities in Qualcomm chipsets has put 900 million Android smartphones and tablets at risk of being taken over by hackers, according to researchers at security technology vendor Check Point Software.

At the DefCon 24 show in Las Vegas Aug. 7 and in a post on the company blog, Adam Donenfeld, a security researcher with Check Point outlined the four vulnerabilities that he has pulled together under the name QuadRooter.

The security flaws in the Qualcomm chipsets would allow hackers to gain unrestricted access to personal and corporate information stored on the affected Android devices, Donenfeld wrote in the blog post. Check Point reported the vulnerabilities to Qualcomm between February and April and the vendor has released fixes for all four.

Fedora Linux and Red Hat are investigating the potential impact of a major vulnerability that was first disclosed Aug. 8. The flaw in the Fedora Account System could have enabled an unauthorized user to make changes to the system. Fedora is Red Hat's community Linux effort.

"This flaw would allow a specifically formatted HTTP request to be authenticated as any requested user," Paul Frields, engineering manager at Red Hat, wrote in a mailing list message.

"If the authenticated user had appropriate privileges, the attacker would then be able to add, edit, or remove user or group information."

The vulnerability has already been patched in the production version of FAS, Frields said, adding that the infrastructure team is in the process of investigating the issue to see if the vulnerability was ever exploited.

Chris Urmson, chief technology officer of Google parent Alphabet's autonomous car initiative, has left the project apparently to explore other opportunities.

Urmson has been part of the self-driving car project for seven and a half years since leaving Carnegie Mellon University to join Google. "I've decided the time is right to step down and find my next adventure," Urmson wrote in a post on Medium.

"After leading our cars through the human equivalent of 150 years of driving and helping our project make the leap from pure research … I am ready for a fresh challenge." Urmson's departure is the latest in a series of recent high-profile exits from the project.

It isn't often that Google, with its 58,000 employees and numerous partners and contractors around the world, has to go and find innovation outside its fiefdom.

But that's what it did Aug. 8, when the web services giant acquired Orbitera, a West Hollywood, Calif.-based startup that has developed a platform for buying and selling cloud-based software, something Google did not already have at its disposal.

Terms of the deal were not announced, but TechCrunch reported that the price was just over $100 million. The latest addition to its cloud platform will help Google compete with Amazon Web Services, Microsoft and Salesforce in delivering enterprise services, and specifically selling enterprise services in the cloud.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel