Recent cybersecurity and vulnerability updates revealed a security flaw on mobile devices using Qualcomm Snapdragon processors. According to Check Point, the newest vulnerability – called QuadRooter – only affects devices running the Android operating system on a Qualcomm chipset. They all estimated that around 900 million mobile devices maybe prone to this security risk.
For those who do not know, QuadRooter is a set of four vulnerabilities entering on Qualcomm-based devices. If any of the four security risks is exploited, the attacker can gain complete access to the device.
The following devices are just some of the few popular Android devices that are vulnerable to said attack:
- Blackberry Priv
- Blackphone 1 and 2
- Google Nexus 5X, 6, and 6P
- HTC One, M9 and 10
- LG G4, G5 and V10
- Motorola Moto X
- OnePlus One, OnePlus 2 and OnePlus 3
- Samsung Galaxy S7 and S7 Edge
- Sony Xperia Z Ultra
The way an attacker can exploit this loophole is by means of a malicious app. This app will have root privileges as well as operating unseen by the user. This provides the user an unimpeded access to a compromised device. The attacker can then exploit all the information from within the user?s phone. Including, but not limited to, accessing the camera, listening to conversations, and extracting sensitive personal details such as banking information.
Unfortunately, issuing updates in Android is a bit convoluted. First the chip manufacturer will have to be notified about the flaw. After which, it will issue a patch to the operating system maker such as Google. By then, the Google will release the security update which will then be passed to the carriers. Finally, it is up to the carriers to approve the release of the said patch. This process takes time and often leaves the patch a week or even a month late.
Check Point addressed these flaws back in April. From then, Qualcomm and Google have released three out of four security patches. The fourth remains without a patch. However, it is possible it will come out this September.
How to protect yourself
The best way of protecting one?s self from any malicious attacks is by making sure to install the newest security patches. Avoid installing unverified apps as well as making sure that the security settings of your phone does not allow installation from unknown sources. Users are also suggested to avoid using untrusted WiFi networks. Also, avoid side-loading apps to one?s device.
For more update regarding this security risk, stay tuned to TheBitBag.