Slashdot Mirror

← Back to Stories (view on slashdot.org)

900M Android Devices Vulnerable To New 'Quadrooter' Security Flaw (cnet.com)

Posted by EditorDavid on from the Def-Con-dispatches dept.

An anonymous Slashdot reader quotes a report from CNET: Four newly-discovered vulnerabilities found in Android phones and tablets that ship with a Qualcomm chip could allow an attacker to take complete control of an affected device. The set of vulnerabilities, dubbed "Quadrooter," affects over 900 million phone and tablets, according to Check Point researchers who discovered the flaws. An attacker would have to trick a user into installing a malicious app, which wouldn't require any special permissions. If successfully exploited, an attacker can gain root access, which gives the attacker full access to an affected Android device, its data, and its hardware -- including its camera and microphone.
The flaw even affects several of Google's own Nexus devices, as well as the Samsung Galaxy S7 and S7 Edge, according to the article, as well as the Blackberry DTEK50, which the company describes as the "most secure Android smartphone." CNET adds that "A patch that will fix one of the flaws will not be widely released until September, a Google spokesperson confirmed."

4 of 129 comments (clear)

  1. You can read more of this story... by ChunderDownunder · · Score: 1, Insightful

    Eds, why not check the article and link directly to zdnet and not the 'sister' publication?

  2. Rooted phone? by Razed+By+TV · · Score: 5, Insightful

    Does this mean I might get to root my otherwise unrootable phone?

  3. Re:Chalk one up for iOS by Dutch+Gun · · Score: 4, Insightful

    Personally, I've never understood why people pick sides and root for 500 billion dollar corporation X versus 500 billion dollar corporation Y like they're a sports team. Console vs console or console vs PC wars are equally inane to me. Where's the virtue in being wedded to a single platform? Is being techo-polygamous a bad thing?

    Anyhow... considering that this requires installing a malicious app, the chances of most people getting hit with this are pretty low, especially now that app stores know what to look for. These sorts of issues are only a real problem when you can get infected with a drive-by SMS message or something like that.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  4. Re:Chalk one up for iOS by Bing+Tsher+E · · Score: 4, Insightful

    No, I will still hate Apple the company. For who they are and who they have been historically. I've hated them since Steve Jobs stood up on a platform and boasted of the new 'Hacker Proof' Macintosh at product introduction.

    That was in the old days, and hacker had the meaning we all still wish it did.

    Other crimes Apple committed include suing all the third party GUI vendors out of business. They ran the GEM desktop and the GEOS desktop off the market. They sued and drove out of business everybody but Microsoft's GUI. In effect they created the Windows monopoly we have today. Fuckers. Fuck Apple.