Chipset vulnerability puts Android users at risk

By on
Chipset vulnerability puts Android users at risk

Check Point researchers discovered a set of four vulnerabilities, named Quadrooter, affecting Qualcomm chipset software drivers used in Android devices. The flaws could affect 900 million devices running Android Marshmallow.

An attacker needs only to write a piece of malware and send it to a victim or deliver it through a malicious app, according to a Check Point report. Once installed, the malware provides the bad actor with privilege escalation which would allow them to gain root access on that device. They would then be capable of extracting data and manipulating the device's camera and microphone.

If exploited, the vulnerabilities can grant "complete control of devices and access to sensitive personal and enterprise data" to attackers, the report stated. "If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations and gain root access to a device."

Qualcomm released patches for all four vulnerabilities last month, although the process of individual Android devices releasing a patch can take anywhere from “several weeks to months, depending on the manufacturer, carrier, and Google,” Check Point mobile security evangelist Jeff Zacuto told SCMagazine.com.

Vulnerabilities can occur within any Android component. The unique challenge for the Android platform is that when patches affecting a hardware component are discovered, the patch then must “work its way through the Android supply chain,” Zacuto said.

Nexus devices received patches for three of the flaws in Google's most recent monthly security update, and a patch for the fourth will be issued in the upcoming September update, Zacuto said.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

How do you feel about Telstra's new services play?
Telstra has become a direct threat - we'll only work with other carriers
We can live with this - we'll still use Telstra networks
This is an opportunity for us - customers liked working with Telstra's sub-brands
This changes nothing - Telstra was always a competitor
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?