Flaws in Qualcomm Chipset Pose Security Risk for Android Devices

By eWEEK Staff  |  Posted 2016-08-10 Print this article Print

DAILY VIDEO: Qualcomm vulnerabilities put 900 million Android devices at risk; Fedora Linux Account System patched for serious flaw; CTO of Google's self-driving car initiative quits; and there's more.


Amazon Shows Off Grocery Store Without Checkout Counters

DAILY VIDEO: Amazon unveils no-checkout POS system for early 2017; Google patches Android for 74...

Avalanche Botnet Shut Down by International Law Enforcement Action

DAILY VIDEO: Avalanche botnet disabled by law enforcement; Google launches continuous testing service...

More than 1 Million Android Devices Infected by 'Gooligan' Trojan

DAILY VIDEO: 'Gooligans' malware infects more than 1.3 million Android devices; Firefox patched for...

Azure Cloud Flaw Posed Hacking Risk to RHEL Virtual Machines

DAILY VIDEO: Microsoft Azure flaw posed RHEL hacking risk; Google explores use of machine learning to...

Microsoft Readying New Smartphone Models for Late 2017, Reports Say

DAILY VIDEO: Microsoft readying new mobile device push in 2017, reports say; Cisco extends security...

San Francisco Transit Agency Gets Back Online After Ransomware Attack

DAILY VIDEO: Cyber-attack knocks out San Francisco transit system fare terminals; Cisco extends...

Recount in Wisconsin Unlikely to Reveal Vote System Fraud, Hacking

DAILY VIDEO: Election recount unlikely to reveal evidence of vote system hacking; Mimecast brings...

Microsoft Sets Sights on Building Practical Quantum Computer

DAILY VIDEO: Microsoft Starts Quantum Computer Development Program; Cerber Ransomware Expands...

Symantec Buys Out Identity Protection Firm LifeLock for $2.3 Billion

DAILY VIDEO: Symantec acquires identity protection vendor LifeLock for $2.3 Billion; Oracle acquires...

Nvidia, OpenAI to Collaborate With Microsoft's AI Efforts

DAILY VIDEO: Microsoft's AI efforts get a boost from Nvidia, Elon Musk's OpenAI; Mozilla introduces...

Read more about the stories in today's news:


Today's topics include the vulnerabilities found in a Qualcomm chipset that put 900 million Android devices at risk, the patch to a critical security flaw in the Fedora Linux Account System, the sudden departure of the CTO for Google’s self-driving car project and Google's acquisition of cloud software marketer Obitera.

A set of security vulnerabilities in Qualcomm chipsets has put 900 million Android smartphones and tablets at risk of being taken over by hackers, according to researchers at security technology vendor Check Point Software.

At the DefCon 24 show in Las Vegas Aug. 7 and in a post on the company blog, Adam Donenfeld, a security researcher with Check Point outlined the four vulnerabilities that he has pulled together under the name QuadRooter.

The security flaws in the Qualcomm chipsets would allow hackers to gain unrestricted access to personal and corporate information stored on the affected Android devices, Donenfeld wrote in the blog post. Check Point reported the vulnerabilities to Qualcomm between February and April and the vendor has released fixes for all four.

Fedora Linux and Red Hat are investigating the potential impact of a major vulnerability that was first disclosed Aug. 8. The flaw in the Fedora Account System could have enabled an unauthorized user to make changes to the system. Fedora is Red Hat's community Linux effort.

"This flaw would allow a specifically formatted HTTP request to be authenticated as any requested user," Paul Frields, engineering manager at Red Hat, wrote in a mailing list message.

"If the authenticated user had appropriate privileges, the attacker would then be able to add, edit, or remove user or group information."

The vulnerability has already been patched in the production version of FAS, Frields said, adding that the infrastructure team is in the process of investigating the issue to see if the vulnerability was ever exploited.

Chris Urmson, chief technology officer of Google parent Alphabet's autonomous car initiative, has left the project apparently to explore other opportunities.

Urmson has been part of the self-driving car project for seven and a half years since leaving Carnegie Mellon University to join Google. "I've decided the time is right to step down and find my next adventure," Urmson wrote in a post on Medium.

"After leading our cars through the human equivalent of 150 years of driving and helping our project make the leap from pure research … I am ready for a fresh challenge." Urmson's departure is the latest in a series of recent high-profile exits from the project.

It isn't often that Google, with its 58,000 employees and numerous partners and contractors around the world, has to go and find innovation outside its fiefdom.

But that's what it did Aug. 8, when the web services giant acquired Orbitera, a West Hollywood, Calif.-based startup that has developed a platform for buying and selling cloud-based software, something Google did not already have at its disposal.

Terms of the deal were not announced, but TechCrunch reported that the price was just over $100 million. The latest addition to its cloud platform will help Google compete with Amazon Web Services, Microsoft and Salesforce in delivering enterprise services, and specifically selling enterprise services in the cloud.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel