Flaws in Qualcomm Chipset Pose Security Risk for Android Devices

Today's topics include the vulnerabilities found in a Qualcomm chipset that put 900 million Android devices at risk, the patch to a critical security flaw in the Fedora Linux Account System, the sudden departure of the CTO for Google’s self-driving car project and Google's acquisition of cloud software marketer Obitera.

A set of security vulnerabilities in Qualcomm chipsets has put 900 million Android smartphones and tablets at risk of being taken over by hackers, according to researchers at security technology vendor Check Point Software.

At the DefCon 24 show in Las Vegas Aug. 7 and in a post on the company blog, Adam Donenfeld, a security researcher with Check Point outlined the four vulnerabilities that he has pulled together under the name QuadRooter.

The security flaws in the Qualcomm chipsets would allow hackers to gain unrestricted access to personal and corporate information stored on the affected Android devices, Donenfeld wrote in the blog post. Check Point reported the vulnerabilities to Qualcomm between February and April and the vendor has released fixes for all four.

Fedora Linux and Red Hat are investigating the potential impact of a major vulnerability that was first disclosed Aug. 8. The flaw in the Fedora Account System could have enabled an unauthorized user to make changes to the system. Fedora is Red Hat's community Linux effort.

"This flaw would allow a specifically formatted HTTP request to be authenticated as any requested user," Paul Frields, engineering manager at Red Hat, wrote in a mailing list message.

"If the authenticated user had appropriate privileges, the attacker would then be able to add, edit, or remove user or group information."

The vulnerability has already been patched in the production version of FAS, Frields said, adding that the infrastructure team is in the process of investigating the issue to see if the vulnerability was ever exploited.

Chris Urmson, chief technology officer of Google parent Alphabet's autonomous car initiative, has left the project apparently to explore other opportunities.

Urmson has been part of the self-driving car project for seven and a half years since leaving Carnegie Mellon University to join Google. "I've decided the time is right to step down and find my next adventure," Urmson wrote in a post on Medium.

"After leading our cars through the human equivalent of 150 years of driving and helping our project make the leap from pure research … I am ready for a fresh challenge." Urmson's departure is the latest in a series of recent high-profile exits from the project.

It isn't often that Google, with its 58,000 employees and numerous partners and contractors around the world, has to go and find innovation outside its fiefdom.

But that's what it did Aug. 8, when the web services giant acquired Orbitera, a West Hollywood, Calif.-based startup that has developed a platform for buying and selling cloud-based software, something Google did not already have at its disposal.

Terms of the deal were not announced, but TechCrunch reported that the price was just over $100 million. The latest addition to its cloud platform will help Google compete with Amazon Web Services, Microsoft and Salesforce in delivering enterprise services, and specifically selling enterprise services in the cloud.

Top White Papers and Webcasts