900M Android Devices Vulnerable To New 'Quadrooter' Security Flaw (cnet.com)
An anonymous Slashdot reader quotes a report from CNET:
Four newly-discovered vulnerabilities found in Android phones and tablets that ship with a Qualcomm chip could allow an attacker to take complete control of an affected device. The set of vulnerabilities, dubbed "Quadrooter," affects over 900 million phones and tablets, according to Check Point researchers who discovered the flaws. An attacker would have to trick a user into installing a malicious app, which wouldn't require any special permissions. If successfully exploited, an attacker can gain root access, which gives the attacker full access to an affected Android device, its data, and its hardware -- including its camera and microphone.
The flaw even affects several of Google's own Nexus devices, as well as the Samsung Galaxy S7 and S7 Edge, according to the article, as well as the Blackberry DTEK50, which the company describes as the "most secure Android smartphone." CNET adds that "A patch that will fix one of the flaws will not be widely released until September, a Google spokesperson confirmed."
Eds, why not check the article and link directly to zdnet and not the 'sister' publication?
Does this mean I might get to root my otherwise unrootable phone?
The Apple haters will be silent tonight
You might want to go read the past Slashdot discussion threads about previous Android flaws, and then reconsider your statement.
#DeleteChrome
That's what me and my mates called ur mum, she's pretty skilled taking 4 at a time.
If this were a similar fault on an Apple device, you know that the bulk of the submitters here would be showing them no mercy.
>"Chalk one up for iOS"
Um, no.
1) Don't sideload apps unless you REALLY know what you are doing. You can't even officially DO that on iOS. So if you treat Android like iOS and don't change the default to NOT sideload and ignore all the warnings, then you are probably just fine.
2) All mine are Nexus and likely to be updated quickly.
This is mostly fear mongering. Now if you could root my phone with an MMS or some other function that does not require me to turn off security features first, then I'll worry.
I will worry about all the cheap Chinese tabs and phones that come with sideloading (and malware/crapware) installed by default.
Silence is a state of mime.
http://blog.checkpoint.com/201...
you're owned anyways.
what's so special about this? people just hit 'yes' on all permissions on android anyways. am I missing something?
Check Point has an app in the Google Play app store that scans your phone for the vulnerabilities: https://play.google.com/store/...
Personally, I've never understood why people pick sides and root for 500 billion dollar corporation X versus 500 billion dollar corporation Y like they're a sports team. Console vs console or console vs PC wars are equally inane to me. Where's the virtue in being wedded to a single platform? Is being techno-polygamous a bad thing?
Anyhow... considering that this requires installing a malicious app, the chances of most people getting hit with this are pretty low, especially now that app stores know what to look for. These sorts of issues are only a real problem when you can get infected with a drive-by SMS message or something like that.
Irony: Agile development has too much inertia to be abandoned now.
What the fuck does a bug that requires social engineering and ignorant users installing sketchy software have to do with apple's alleged superiority?
Is it not obvious that it's pretty serious when the security of a system can be completely subverted by a non-privileged program? Regardless of whether you have bought into idiotic platform flamewars you can't argue with the fact that any platform that has a bug like this has a serious problem compared to the competition. What is odd is that one of the most commonly presented advantages for Android over iOS is the ability to sideload apps and install apps from non-official app stores thus giving the user control of their device, then a bug like this appears and all of a sudden Android fans act like this is something no sane person would ever think of doing.
Platform wars are moronic but the fascinating thing is the way the logic of the fanboys flips around depending on the current news. ...not to mention reading comprehension is the next thing to go and as a result I'll probably get branded an "apple fanboy" or a "shill" somewhere after this post.
I love it how when a security vulnerability is found on Apple devices it's reported as "New way discovered to jailbreak your phone!", but when it happens to Android it's "Android devices vulnerable to attack!"
No, I will still hate Apple the company. For who they are and who they have been historically. I've hated them since Steve Jobs stood up on a platform and boasted of the new 'Hacker Proof' Macintosh at product introduction.
That was in the old days, and hacker had the meaning we all still wish it did.
Other crimes Apple committed include suing all the third party GUI vendors out of business. They ran the GEM desktop and the GEOS desktop off the market. They sued and drove out of business everybody but Microsoft's GUI. In effect they created the Windows monopoly we have today. Fuckers. Fuck Apple.
I think ALL of us jailbreakers and rooters should celebrate this. Now I might be able to push an adaway hostfile with 875K worth of junk hosts of malware, ads, adware, gambling and other cruft blocked. I can't believe I need to wait for a flaw like this to update the hosts file on the phone I own.
This weaponizing of opensource software to do things like make it impossible to edit /etc/hosts with malware blocks is unreal.
Legalize the constitution. Think for yourself question authority.
An attacker would have to trick a user into installing a malicious app
That doesn't sound like it's the silicon's fault to me, but what the hell do I know?
“He’s not deformed, he’s just drunk!”
The Blackphone 2 uses a Qualcomm Snapdragon chip. The maintainers (Silent Circle) released a patch a week ago that 'updates to the latest Qualcomm config files' but it's unclear if that fixes this specific vulnerability.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
Stopped reading after that.
Mundus vult decipi, ergo decipiatur.
"..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
"An attacker would have to trick a user into installing a malicious app"
Is this what slashdot is reduced to, posting bogus pseudo technical quotes from a known Microsoft shill.
Except Android doesn't use /etc/hosts. That's a function of the stub resolver in the C library you use, and the Android C library simply doesn't support it.
What would prevent a bugged android apk to be delivered via the playstore? Are the gatekeepers that trustworthy?
I don't trust them, but I did trust android permissions to (at least) identify apps with strange behaviours. Seems I was wrong and I'll need to stop installing crap.
This is a serious bug, but iOS security superiority is not on its walled garden, but in its timely OS updates.
Where's the virtue in being wedded to a single platform? Is being techno-polygamous a bad thing?
It increases your attack surface. It's safer to be a serial-monogamist.
Well, the GP blamed Google.. The language of the summary made it sound to me like it was a fault in the silicon.. Turns out both statements are wrong. It's Qualcomm's drivers. I stand corrected.
Well, it seemed to me when I first read the summary that it was a hw problem.. It's not. It's drivers provided by Qualcomm.. If Apple was using the same drivers they'd be just as blameless as Google is.
FOR THE LOVE OF GOD, EXPLOIT MY BOOTLOADER, MAKE HER VULNERABLE TO ATTACK! For my Verizon Samsung Galaxy S7 remains invulnerable to any attack outside simple root base exploits. Oh script kiddy gods, I BEG YOU (no sarcasm).
iOS actually has a lot more vulnerabilities than Android. Most of the folks in the press are just enamored by Apple, so they downplay stories about flaws in iOS, while publicizing stories about flaws in Android to try to warp reality to fit their biases.
If it doesn't trip knox then someone could retool the exploit to root the phones in a good way.
What would prevent a bugged android apk to be delivered via the playstore?
Nothing, in fact I believe it has happened multiple times before.
This is a serious bug, but iOS security superiority is not on its walled garden, but in its timely OS updates.
Correct, but this isn't really about the walled garden. You can sideload apps on iOS too if you have XCode7, but there is no (known) privilege exploit that allows a userland application to get full privileges.
There's no update, and even if there were it'll come when the providers push it out. With a phone, you just have to accept that if the thing is vulnerable, it is vulnerable. You can't really do anything as a user. Anything you can do is shit you should already be doing like installing apps only from trusted sources and running a malware scanner.
For me it is not about Google vs Apple, but Android vs iOS and the philosophies behind them.
I believe in open platforms being better for mankind in the end, warts and all.
They sued and drove out of business everybody but Microsoft's GUI.
There's this thing called Linux. I'd recommend taking a look at it.
... grumble, grumble, grumble, mutter, mutter, Millenium... Hand... Shrimp, I tol' 'em, I tol' 'em.
While true, Apple would also spend the time and have 80% of all iOS devices updated in 3 months, where by this time next year less than 100 million Android devices will have the update.
Android has a severe update problem that isn't going away. Google was smart enough to bake a decent amount of security in to start with, but I still keep expecting a massive worm attack.
i thought once I was found, but it was only a dream.
Have you ever heard Apple make the excuse that it's the fault of a third party driver when there is a security issue with iOS? I doubt that Apple would accept any binary only drivers from someone who produces its chips.
How would downloading apps only from the Google Play store prevent apps from taking advantage of a security flaw in Android?
Did you notice how many of those vulnerabilities have already been patched? The latest version of iOS 9.3.3 is compatible with every iOS device sold since September 2011 and was available for every iPhone regardless of carrier the day it was released.
First, Google Play Store has a filter called Bouncer that attempts to detect known malicious attacks in APKs. Second, if a malicious app does slip past Bouncer, it can be reported to Google.
In the 1980s when Apple was busy suing DRI over GEM, XFree86 didn't exist yet.
Just because Android's package format is called "APK" doesn't mean you can use a hosts file. A workaround is to use a firewall app with a DNS filter, and then plug your hosts file into that. I haven't tried NoRoot Firewall to see whether it supports a hosts file, but it does show that a firewall is possible without rooting.
And rightfully so, considering Apple designs their own processors and codes the drivers now.
Learning HOW to think is more important than learning WHAT to think.
You're forgetting the difference between a flaw and the path to exploiting a flaw. The flaw can exist in silicon, but it needs software to exploit it. You can safely run flawed code all day if you are in tight control of the software executing on the system. It isn't until you run untrusted code that you have a problem.
This is why Java is such a vector. Once you connect it to a browser, you're blindly running someone else's untrusted code on your JVM.
When Java is used in an EE environment, not hooked to a browser, then it is much safer simply because exploit code doesn't have a path to any flaw.
Learning HOW to think is more important than learning WHAT to think.
I also hear that MS-DOS has never been attacked on a smart phone.
but there is no (known) privilege exploit that allows a userland application to get full privileges.
If the cost of that is not being able to access the damn filesystem and having everything running in its own little isolated compartment, I'll just use Android and try not to install malicious apps thanks.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
...especially when the real problems are 500 billion companies Samsung and Verizon.
I'm oddly finding myself thinking that this exploit could actually be used to enhance security on phones with locked bootloaders and unreliable updates from their manufacturers. I'm seriously considering buying an Axon 7, because the hardware looks great. But if I can't install ROMs to keep the thing current on security updates, I don't want it. To tell the truth, even if ZTE were to provide timely updates for the first 2 years, I'd be seriously on the fence. My current phone, a Nexus 4, is no longer supported by Google, but I still have it up to date thanks to its unlocked bootloader. I don't know if Google likes that or not, but I suspect they're fine with it. ZTE, on the other hand, would definitely prefer for me to shove the thing in a drawer and buy a new one after two years, which sucks - but happens to coincide nicely with content providers that don't want you to have root access. We've reached the point where buying new hardware in order to keep up with new OS features is a losing game, and the industry needs to learn to live with a 5 year upgrade cycle - cause that's where it's going, if only consumers would insist on it...
Posted from my Android phone. Oh, I can change this? There, that's better...
Find the root image for your device on the XDA developers site.
My android gets its security updates every month. Nexus 6P updated just a couple days ago, with the Aug update. I expect another one in Sept, probably one that fixes this one. Let me know when Apple ships timely monthly updates.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
But hey, at least owners of these devices have a super easy path to root without need to flash any special image.
Because the hosts file is inside /system, the device needs to be rooted in order to adb push a modified version. And that's if Android's networking stack even uses it; this comment claims that at least some versions do not.
I think the only way you can possibly make any so-called 'smartphone' secure, is to have a hardware switch that puts the entire phone into 'read only' mode, so nothing new can be installed on it. They're like cheap swisscheese: more holes than cheese. I think I'll just keep sticking with cheap-ass $50 flip-phones. If something happens to it I can break it in half, toss it into the e-waste bin, and go get another one and nothing of value is lost. At least I don't become an unwilling participant in someones bot-net this way.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Well... technically any virus attacking MS-DOS but accidentally hitting a Nokia 9000 communicator could probably be counted under the category "MS-DOS" on a smartphone.....
I think you misunderstand what "up to date" means...
1. Unless you're positive of the clean & germ-free source, you are making an inherently risky move in installing a Marshmallow ROM or whatever reverse-engineered AOSP clone is floating out there.
2. Speaking of reverse-engineering, taking the ICS 4.0.x drivers and tweaking them to work with Marshmallow does not constitute a good security patching policy.
The updates spoken of here are not merely OS-baked-in ones, but also any actual firmware updates for radio, touchscreen, etc. These are almost never touched by modders and certainly never patched for security reasons.
Full disclosure, I do root & ROM as well, but I accept certain security risks in doing so that I mitigate otherwise.
Try again. Literally the first thing on adaway's front page: https://adaway.org/
yeah, if you can get that smartphone to read that floppy disk with the virus on it and executing that .COM file.
Well, it seemed to me when I first read the summary that it was a hw problem.. It's not. It's drivers provided by Qualcomm.. If Apple was using the same drivers they'd be just as blameless as Google is.
Yes they would; however, a YUGE percentage of Slashdotters would still blame Apple, just because.
Don't even try to deny it. Seen it happen too many times...
Have you ever heard Apple make the excuse that it's the fault of a third party driver when there is a security issue with iOS? I doubt that Apple would accept any binary only drivers from someone who produces its chips.
Apple tends to roll their own drivers, even for third-party chips.
The Apple haters will be silent tonight
Unfortunately not.
iOS devices don't have a user accessible file system. FULL STOP! You can't even download an MP3 file from a website using Safari on iOS. That right there makes it complete shit for anyone with more than half a brain. And that's why I won't ever use an iOS device. I prefer not to suck iTunes dick every time I want to transfer a file to my device.
Bullshit, Bullshit, Bullshit.
While it is true that iOS doesn't directly provide access to the file-system hierarchy, there are Apps, such as GoodReader, that for the most part provide excellent file-management and file-transfer functionality.
And as far as "can't download an MP3 from Safari", that is TOTAL bullshit. I just tested exactly that on iOS 9 on my iPhone 6+. No iTunes involved (and BTW, there is no "iTunes", per se, on iOS).
It could receive e-mail. Or you could surf a malicious web page.
but there is no (known) privilege exploit that allows a userland application to get full privileges.
If the cost of that is not being able to access the damn filesystem and having everything running in its own little isolated compartment, I'll just use Android and try not to install malicious apps thanks.
So, you are actually arguing against robust sandboxing? In 2016? On a Mobile Device?
Most users (yes, even Android Users) couldn't care less to paw through a filesystem hierarchy. In fact, the decision to make each app manage its own files in iOS was not borne out of some need to "lock down" user-choice; but rather, to keep a simple device simple for NON-computer-savvy people to use.
That's what you idiots need to get through your pin-heads: Not everyone is comfortable traversing a full-blown filesystem. In fact, even advanced users occasionally (more than they would admit) have to search for stuff they have "misfiled" on their computers.
My android gets its security updates every month. Nexus 6P updated just a couple days ago, with the Aug update. I expect another one in Sept, probably one that fixes this one. Let me know when Apple ships timely monthly updates.
Fortunately, they don't seem to have vulnerabilities du-jour; but when they do, they generally push out an update in a pretty timely fashion, and for MUCH longer than any, or nearly any, Android device.
Don't sideload apps unless you REALLY know what you are doing. You can't even officially DO that on iOS.
Actually, if you have XCode 7, you can. No Jailbreaking needed.
They sued and drove out of business everybody but Microsoft's GUI.
There's this thing called Linux. I'd recommend taking a look at it.
Not strong enough.
There's this thing called Prozac. I'd recommend him taking a look at it.
They sued and drove out of business everybody but Microsoft's GUI.
They sued the FUCK out of Microsoft, too. Or did you conveniently forget that fact?
XFree86, no but X did exist though
Except Android doesn't use /etc/hosts. That's a function of the stub resolver in the C library you use, and the Android C library simply doesn't support it.
But, but, don't all the Slashtards and Fandroids crow about how Android == Linux, and how Android's popularity (mostly because of the proliferation of shitbox throwaway freephones) somehow means that Linux has some insanely-high marketshare?
So, I guess Android == Linux only for certain limited values of "equals", right?
Can you download pictures and videos via Safari? no
So they don't have to if they don't want to. The point is really the fact that the option is useful to some people.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Well, I'm guessing you wouldn't advise leaving my N4 on the last-supported Kit-Kat version. I'm using Cyanogenmod 13, which is a pretty well-known commodity. It may have some of its own bugs, but it also has some of its own security enhancements - like the ability to turn root on and off on demand.
Posted from my Android phone. Oh, I can change this? There, that's better...
Can you download pictures and videos via Safari? no
First, I assume you mean MOBILE Safari.
Second, you have moved the goalposts; but I would imagine it depends on certain factors. However in Mobile Safari, if I "long-tap" on an Image, it brings up a contextual menu. One of the selections is "Save Image". If I choose that, the image (picture) goes to my "Photos" library. Sounds "Downloaded" to me.
With videos, it appears you cannot download from Safari directly; however, GoodReader has web-browsing capabilities, and you can certainly Download (and Play) directly from that App. So, obviously, iOS doesn't keep you from Downloading video; they just didn't build that into Mobile Safari (that I know of). Chrome may allow it directly, although it doesn't seem to.
So, out of the 3 examples, 2 were able to be handled by Mobile Safari directly, and one with a readily available and very popular App.
If that's too hard for you, may I recommend a Flip-phone?
So they don't have to if they don't want to. The point is really the fact that the option is useful to some people.
The option to what, exactly? Pull down their pants and wag their nekkid ass in the air, waiting for the next available hard dick? Because that's about the equivalent to what you are touting as a "useful option".
If the cost of that is not being able to access the damn filesystem and having everything running in its own little isolated compartment, I'll just use Android and try not to install malicious apps thanks.
But that isn't the cost of it, the fact that not every process should be able to just run with root privileges whenever it wants is a pretty fundamental part of any modern operating system and indeed is not incompatible with the ability to access the filesystem.
It's not about monthly updates, it's about timely updates for critical security issues like this one, irrespective of the platform. I'm not sure what you mean when you say "timely monthly" updates.
Can you download pictures and videos via Safari? no
First, I assume you mean MOBILE Safari.
Based on the thread context, why would you infer otherwise?
Second, you have moved the goalposts; but I would imagine it depends on certain factors. However in Mobile Safari, if I "long-tap" on an Image, it brings up a contextual menu. One of the selections is "Save Image". If I choose that, the image (picture) goes to my "Photos" library. Sounds "Downloaded" to me.
Odd. I just tried this using my wife's iPhone 6+. There's no context menu popping up when I long press an image. Tried this with the same image on my Android phone and I get the expected context menu.
With videos, it appears you cannot download from Safari directly; however, GoodReader has web-browsing capabilities, and you can certainly Download (and Play) directly from that App. So, obviously, iOS doesn't keep you from Downloading video; they just didn't build that into Mobile Safari (that I know of). Chrome may allow it directly, although it doesn't seem to.
This is what irks me: why do I need a separate app for this when every other computing environment (eg Windows, Linux, Mac OS, Android) doesn't?
If that's too hard for you, may I recommend a Flip-phone?
Based on your ad hominem it's quite clear you place a high personal identity towards your phone environment. You may want to reconsider your priorities.
Odd. I just tried this using my wife's iPhone 6+. There's no context menu popping up when I long press an image. Tried this with the same image on my Android phone and I get the expected context menu.
Try a different site. Apparently, image saving in Safari can be blocked for copyright etc.
But this is how you do it. This must be from an earlier version of iOS, because my popup menu had a few more selections. But it is essentially the same.