Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Qualcomm Vulnerabilities Put 900 Million Android Devices at Risk

    By
    JEFF BURT
    -
    August 9, 2016
    Share
    Facebook
    Twitter
    Linkedin
      smartphone exploit

      A set of security vulnerabilities in Qualcomm chipsets has put 900 million Android smartphones and tablets at risk of being taken over by hackers, according to researchers at security technology vendor Check Point Software Technologies.

      At the DefCon 24 show in Las Vegas on Aug. 7 and in a post on the company blog, Adam Donenfeld, a security researcher with Check Point outlined four vulnerabilities that he has pulled together under the name QuadRooter. The security flaws in the Qualcomm chipsets open up the Android devices to being taken over by hackers who can gain control and unrestricted access to personal and corporate information on them, Donenfeld wrote in the blog post.

      Check Point reported the vulnerabilities to Qualcomm between February and April, and the vendor has released fixes for all four. However, Qualcomm’s position as the world’s largest mobile chip maker has put a wide range of devices at risk, and the fragmented nature of the Android market presents challenges to ensuring that all the smartphones and tablets can be protected in a timely fashion.

      “QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets,” Donenfeld wrote. “Qualcomm is the world’s leading designer of LTE chipsets with a 65 percent share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device. … If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.”

      In a statement to journalists, Qualcomm officials said the company had “made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July.”

      According to Check Point officials, the vulnerabilities are in the software drivers in the chipsets, so any Android devices using the chipsets are exposed. The drivers control communications between components on the chipset, Donenfeld wrote. A problem is that because these vulnerable chipsets are built into the smartphones and tablets before they ship, they can only be fixed by installing a software patch from the device maker or carrier. Those companies get the patches through fixed driver packs from Qualcomm.

      “This situation highlights the inherent risks in the Android security model,” Donenfeld wrote. “Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.”

      At the same time, older devices that no longer are supported may not get the update.

      According to Check Point, an attacker can exploit the vulnerabilities by using a malicious app that doesn’t need any special permissions, which may reduce the suspicion of any users considering downloading it.

      Check Point has released a free scanner app in the Android Play store that end users can employ to see if their devices are at risk to from the QuadRooter vulnerabilities. Devices that use these chipsets from Qualcomm include Google’s Nexus 5X, Nexus 6 and Nexus 6P; HTC’s One, M9 and 10; the G4, G5 and V10 from LG Electronics; Samsung’s Galaxy S7 and S7 Edge; and Sony’s Xperia Z Ultra, according to Check Point.

      Check Point is urging users to download and install the latest Android updates as soon as they become available and to examine any app installation request carefully before accepting it to ensure that it’s legitimate. In addition, users should only download apps on Google Play and avoid apps found on third-party sites, and they should only use trusted WiFi networks or—when traveling—only use those that can be verified as coming from a trustworthy source.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×