Slashdot Mirror


900M Android Devices Vulnerable To New 'Quadrooter' Security Flaw (cnet.com)

An anonymous Slashdot reader quotes a report from CNET: Four newly-discovered vulnerabilities found in Android phones and tablets that ship with a Qualcomm chip could allow an attacker to take complete control of an affected device. The set of vulnerabilities, dubbed "Quadrooter," affects over 900 million phones and tablets, according to Check Point researchers who discovered the flaws. An attacker would have to trick a user into installing a malicious app, which wouldn't require any special permissions. If successfully exploited, an attacker can gain root access, which gives the attacker full access to an affected Android device, its data, and its hardware -- including its camera and microphone.
The flaw even affects several of Google's own Nexus devices, as well as the Samsung Galaxy S7 and S7 Edge, according to the article, as well as the Blackberry DTEK50, which the company describes as the "most secure Android smartphone." CNET adds that "A patch that will fix one of the flaws will not be widely released until September, a Google spokesperson confirmed."

20 of 129 comments

  1. Rooted phone? by Razed+By+TV · · Score: 5, Insightful

    Does this mean I might get to root my otherwise unrootable phone?

    1. Re:Rooted phone? by Wycliffe · · Score: 4, Interesting

      Does this mean I might get to root my otherwise unrootable phone?

      I was thinking the same thing. Someone please publish the exploit on github so I can compile it and root my own phone.

  2. Quad Rooter by Anonymous Coward · · Score: 2, Funny

    That's what me and my mates called ur mum, she's pretty skilled taking 4 at a time.

  3. Re:Chalk one up for iOS by markdavis · · Score: 5, Informative

    >"Chalk one up for iOS"

    Um, no.

    1) Don't sideload apps unless you REALLY know what you are doing. You can't even officially DO that on iOS. So if you treat Android like iOS and don't change the default to NOT sideload and ignore all the warnings, then you are probably just fine.

    2) All mine are Nexus and likely to be updated quickly.

  4. Patch not needed quickly... by wbr1 · · Score: 2

    It requires sideloading be turned on to get in. This is off by default on any sane device. Yes it could get in through the play store, but since google now knows the exploit you can bet all apps are scanned.

    This is mostly fear mongering. Now if you could root my phone with an MMS or some other function that does not require me to turn off security features first, then I'll worry.

    I will worry about all the cheap Chinese tabs and phones that come with sideloading (and malware/crapware) installed by default.

    --
    Silence is a state of mime.

  5. Re:Typical Google by scdeimos · · Score: 2

    Um, no...

    QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets.

    http://blog.checkpoint.com/201...

  6. Check your phone by pgn674 · · Score: 2

    Check Point has an app in the Google Play app store that scans your phone for the vulnerabilities: https://play.google.com/store/...

  7. Re:Chalk one up for iOS by Dutch+Gun · · Score: 4, Insightful

    Personally, I've never understood why people pick sides and root for 500 billion dollar corporation X versus 500 billion dollar corporation Y like they're a sports team. Console vs console or console vs PC wars are equally inane to me. Where's the virtue in being wedded to a single platform? Is being techno-polygamous a bad thing?

    Anyhow... considering that this requires installing a malicious app, the chances of most people getting hit with this are pretty low, especially now that app stores know what to look for. These sorts of issues are only a real problem when you can get infected with a drive-by SMS message or something like that.

    --
    Irony: Agile development has too much inertia to be abandoned now.

  8. Re:Chalk one up for iOS by Bing+Tsher+E · · Score: 4, Insightful

    No, I will still hate Apple the company. For who they are and who they have been historically. I've hated them since Steve Jobs stood up on a platform and boasted of the new 'Hacker Proof' Macintosh at product introduction.

    That was in the old days, and hacker had the meaning we all still wish it did.

    Other crimes Apple committed include suing all the third party GUI vendors out of business. They ran the GEM desktop and the GEOS desktop off the market. They sued and drove out of business everybody but Microsoft's GUI. In effect they created the Windows monopoly we have today. Fuckers. Fuck Apple.

  9. Re:Chalk one up for iOS by Zeio · · Score: 2

    I think ALL of us jailbreakers and rooters should celebrate this. Now I might be able to push an adaway hostfile with 875K worth of junk hosts of malware, ads, adware, gambling and other cruft blocked. I can't believe I need to wait for a flaw like this to update the hosts file on the phone I own.

    This weaponizing of opensource software to do things like make it impossible to edit /etc/hosts with malware blocks is unreal.

    --
    Legalize the constitution. Think for yourself question authority.

  10. Re:Chalk one up for iOS by arth1 · · Score: 2

    Where's the virtue in being wedded to a single platform? Is being techno-polygamous a bad thing?

    It increases your attack surface. It's safer to be a serial-monogamist.

  11. Re:Typical Google by epyT-R · · Score: 2

    Well, the GP blamed Google.. The language of the summary made it sound to me like it was a fault in the silicon.. Turns out both statements are wrong. It's Qualcomm's drivers. I stand corrected.

  12. Re:Chalk one up for iOS by Solandri · · Score: 3, Interesting

    iOS actually has a lot more vulnerabilities than Android. Most of the folks in the press are just enamored by Apple, so they downplay stories about flaws in iOS, while publicizing stories about flaws in Android to try to warp reality to fit their biases.

  13. Does it trip knox? by shione · · Score: 2

    If it doesn't trip knox then someone could retool the exploit to root the phones in a good way.

  14. Re:Chalk one up for iOS by dinfinity · · Score: 4, Interesting

    For me it is not about Google vs Apple, but Android vs iOS and the philosophies behind them.

    I believe in open platforms being better for mankind in the end, warts and all.

  15. Re: Chalk one up for iOS by tepples · · Score: 3, Interesting

    First, Google Play Store has a filter called Bouncer that attempts to detect known malicious attacks in APKs. Second, if a malicious app does slip past Bouncer, it can be reported to Google.

  16. Re:Typical Google by chill · · Score: 2

    You're forgetting the difference between a flaw and the path to exploiting a flaw. The flaw can exist in silicon, but it needs software to exploit it. You can safely run flawed code all day if you are in tight control of the software executing on the system. It isn't until you run untrusted code that you have a problem.

    This is why Java is such a vector. Once you connect it to a browser, you're blindly running someone else's untrusted code on your JVM.

    When Java is used in an EE environment, not hooked to a browser, then it is much safer simply because exploit code doesn't have a path to any flaw.

    --
    Learning HOW to think is more important than learning WHAT to think.

  17. Re:To what end? by swillden · · Score: 2

    you should already be doing like installing apps only from trusted sources and running a malware scanner

    You don't need a third party malware scanner. Just turn on the built in Verify Apps.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

  18. Re: Typical Google by macs4all · · Score: 2

    Have you ever heard Apple make the excuse that it's the fault of a third party driver when there is a security issue with iOS? I doubt that Apple would accept any binary only drivers from someone who produces its chips.

    Apple tends to roll their own drivers, even for third-party chips.

  19. Re:Easy Way to Root by Razed+By+TV · · Score: 2

    My bootloader is locked : (