Slashdot Mirror

← Back to Stories (view on slashdot.org)

900M Android Devices Vulnerable To New 'Quadrooter' Security Flaw (cnet.com)

Posted by EditorDavid on from the Def-Con-dispatches dept.

An anonymous Slashdot reader quotes a report from CNET: Four newly-discovered vulnerabilities found in Android phones and tablets that ship with a Qualcomm chip could allow an attacker to take complete control of an affected device. The set of vulnerabilities, dubbed "Quadrooter," affects over 900 million phone and tablets, according to Check Point researchers who discovered the flaws. An attacker would have to trick a user into installing a malicious app, which wouldn't require any special permissions. If successfully exploited, an attacker can gain root access, which gives the attacker full access to an affected Android device, its data, and its hardware -- including its camera and microphone.
The flaw even affects several of Google's own Nexus devices, as well as the Samsung Galaxy S7 and S7 Edge, according to the article, as well as the Blackberry DTEK50, which the company describes as the "most secure Android smartphone." CNET adds that "A patch that will fix one of the flaws will not be widely released until September, a Google spokesperson confirmed."

4 of 129 comments (clear)

  1. Re:Rooted phone? by Wycliffe · · Score: 4, Interesting

    Does this mean I might get to root my otherwise unrootable phone?

    I was thinking the same thing. Someone please publish the exploit on github so I can compile it and root my own phone.

  2. Re:Chalk one up for iOS by Solandri · · Score: 3, Interesting

    iOS actually has a lot more vulnerabilities than Android. Most of the folks in the press are just enamored by Apple, so they downplay stories about flaws in iOS, while publicizing stories about flaws in Android to try to warp reality to fit their biases.

  3. Re:Chalk one up for iOS by dinfinity · · Score: 4, Interesting

    For me it is not about Google vs Apple, but Android vs iOS and the philosophies behind them.

    I believe in open platforms being better for mankind in the end, warts and all.

  4. Re: Chalk one up for iOS by tepples · · Score: 3, Interesting

    First, Google Play Store has a filter called Bouncer that attempts to detect known malicious attacks in APKs. Second, if a malicious app does slip past Bouncer, it can be reported to Google.