Flaws in Qualcomm Chipset Pose Security Risk for Android Devices

By eWEEK Staff  |  Posted 2016-08-10 Print this article Print

DAILY VIDEO: Qualcomm vulnerabilities put 900 million Android devices at risk; Fedora Linux Account System patched for serious flaw; CTO of Google's self-driving car initiative quits; and there's more.


Samsung Still Doesn't Know Exact Cause of Samsung Note7 Fires

DAILY VIDEO: Samsung still doesn't know the reasons for Note7 smartphone fires; Samsung offers Korean...

How the Internet Survived Massive DNS Attack

DAILY VIDEO: Why a massive DNS attack didn't shut down the internet; the LinkedIn hacking suspect is...

Analysts Offer Mixed Views on AT&T-Time Warner Deal

DAILY VIDEO: Analysts weigh pros and cons of AT&T-Time Warner deal; massive cyber-attack shows...

Czech Police Arrest Alleged LinkedIn Hacker

DAILY VIDEO: Czech police apprehend alleged LinkedIn hacker; Intel gets a boost in lengthy appeal of...

Yahoo's Earnings Exceed Expectations but Ad Revenue Still Eroding

DAILY VIDEO: Yahoo's earnings report shows ad revenue is still eroding; Intel's record Q3 revenue is...

Snowden Offers Grim Assessment of State of Internet Security, Privacy

DAILY VIDEO: Edward Snowden gives his take on security...

FAA's Samsung Galaxy Note7 Flight Ban Poses Challenges for Travelers

DAILY VIDEO: FAA's Samsung Galaxy Note7...

Salesforce No Longer Plans to Pursue Twitter Acquisition

DAILY VIDEO: Salesforce withdraws from contention to acquire Twitter; HP to cut another 3,000 to...

Samsung Releases Details on How to Exchange Defective Note7 Phones

DAILY VIDEO: Samsung releases Note7 return details following its recall; what the new update process...

HP, Lenovo Vie for Top Spot in a Consolidating Global PC Market

DAILY VIDEO: HP closes in on Lenovo in a consolidating global PC market; Intel launches its first...

Read more about the stories in today's news:


Today's topics include the vulnerabilities found in a Qualcomm chipset that put 900 million Android devices at risk, the patch to a critical security flaw in the Fedora Linux Account System, the sudden departure of the CTO for Google’s self-driving car project and Google's acquisition of cloud software marketer Obitera.

A set of security vulnerabilities in Qualcomm chipsets has put 900 million Android smartphones and tablets at risk of being taken over by hackers, according to researchers at security technology vendor Check Point Software.

At the DefCon 24 show in Las Vegas Aug. 7 and in a post on the company blog, Adam Donenfeld, a security researcher with Check Point outlined the four vulnerabilities that he has pulled together under the name QuadRooter.

The security flaws in the Qualcomm chipsets would allow hackers to gain unrestricted access to personal and corporate information stored on the affected Android devices, Donenfeld wrote in the blog post. Check Point reported the vulnerabilities to Qualcomm between February and April and the vendor has released fixes for all four.

Fedora Linux and Red Hat are investigating the potential impact of a major vulnerability that was first disclosed Aug. 8. The flaw in the Fedora Account System could have enabled an unauthorized user to make changes to the system. Fedora is Red Hat's community Linux effort.

"This flaw would allow a specifically formatted HTTP request to be authenticated as any requested user," Paul Frields, engineering manager at Red Hat, wrote in a mailing list message.

"If the authenticated user had appropriate privileges, the attacker would then be able to add, edit, or remove user or group information."

The vulnerability has already been patched in the production version of FAS, Frields said, adding that the infrastructure team is in the process of investigating the issue to see if the vulnerability was ever exploited.

Chris Urmson, chief technology officer of Google parent Alphabet's autonomous car initiative, has left the project apparently to explore other opportunities.

Urmson has been part of the self-driving car project for seven and a half years since leaving Carnegie Mellon University to join Google. "I've decided the time is right to step down and find my next adventure," Urmson wrote in a post on Medium.

"After leading our cars through the human equivalent of 150 years of driving and helping our project make the leap from pure research … I am ready for a fresh challenge." Urmson's departure is the latest in a series of recent high-profile exits from the project.

It isn't often that Google, with its 58,000 employees and numerous partners and contractors around the world, has to go and find innovation outside its fiefdom.

But that's what it did Aug. 8, when the web services giant acquired Orbitera, a West Hollywood, Calif.-based startup that has developed a platform for buying and selling cloud-based software, something Google did not already have at its disposal.

Terms of the deal were not announced, but TechCrunch reported that the price was just over $100 million. The latest addition to its cloud platform will help Google compete with Amazon Web Services, Microsoft and Salesforce in delivering enterprise services, and specifically selling enterprise services in the cloud.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel