New Android vulnerability affects over 900 million Qualcomm devices

Yep! Another vulnerability in Qualcomm devices, dubbed “QuadRooter”, was disclosed by Check Point in a session at DEF CON 24 in Las Vegas


QuadRooter is a set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chip could allow an attacker to gain root-level access to device.

If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. 
According to the latest statistics, the chip is found in more than 900 Million Android devices including the latest and most popular devices found on the market today:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

The four security vulnerabilities

  1. CVE-2016–2503 discovered in Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for July 2016.
  2. CVE-2016–2504 found in Qualcomm GPU driver and fixed in Google’s Android Security Bulletin for August 2016.
  3. CVE-2016–2059 found in Qualcomm kernel module and fixed in April, though patch status is unknown.
  4. CVE-2016–5340 presented in Qualcomm GPU driver and fixed, but patch status unknown.

The vulnerabilities were disclosed in a session at DEF CON, and in a post on Check Point blog:

QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets. Any Android device built using these chipsets is at risk. The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices.

Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.

This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.


How to check if my device is vulnerable?

You can check if your smartphone or tablet is vulnerable to QuadRooter attack using Check Point’s free app.

https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter


Resources

https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter
https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter
https://www.checkpoint.com/downloads/resources/quadRooter-vulnerability-research-report.pdf

Comments