Another major flaw has been discovered in smartphones and tablets powered by Android that leaves more than 900 million devices vulnerable. The vulnerabilities found in devices that ship with Qualcomm chips may enable a hacker to take full control of the device without the user ever finding out. Researchers at security firm Check Point called the high-risk privilege escalation vulnerabilities “Quadrooter.”
The vulnerabilities were explained in detail by Check Point’s lead mobile security researcher Adam Donenfeld at the Def Con security conference yesterday.
The attacker would first have to fool the user into installing a malicious application which doesn’t require any special permission. That’s one of the reasons why Android users should stick to downloading apps from Google Play Store as it’s common for malware infected apps to be spread via online file sharing sites.
Once the app is installed, the attacker gets root access and can then go through all of the data on the affected device and even access its microphone and camera. Handsets affected by this include the Galaxy S7 series, the HTC 10 and One M9, Nexus 6 and Nexus 6P, Nexus 5X, and even BlackBerry’s recently announced DTEK50 secure Android smartphone.
Qualcomm has said that it has taken care of the vulnerabilities and sent patches to partners and the open source community till the end of last month. Device makers will now be rolling out these patches in the coming days and weeks. Google has confirmed that the fourth vulnerability will be fixed in the September security update.