A new security risk has hit the Android ecosystem, in the form of a vulnerability called QuadRooter. The discovery and disclosure of the vulnerability was made by researchers at security firm Check Point, and all of the devices affected have something in common; they are powered by Qualcomm chipsets.
According to Check Point, QuadRooter is a set of four vulnerabilities, any of which an attacker can use to root an Android device, trick users into installing malicious apps unsuspectingly and escalate the security privileges of those apps.
The vulnerability currently affects over 900 million Qualcomm-powered Android devices, including the Blackberry DTEK50 which bears the title of World’s most secure Android smartphone. Devices affected include the:
- Blackberry DTEK50
- Blackberry Priv
- Blackphone 1 & 2
- Google Nexus 5X, 6 & 6P
- HTC 10 and One M9
- Moto X (2016)
- Oneplus 3
- LG G5
- Samsung Galaxy S7 and S7 Edge
Check Point actually discovered the vulnerability back in April and informed Qualcomm, which released patches to OEMs of the affected devices. The patches were integrated into the July edition of the monthly Google Security Bulletin, but only three of the four flaws have been fixed, with the fourth to be fixed in September.
Check Point has promptly released an Android application in the Google Play Store that can check if your device is affected by the vulnerability or not. Download the app QuadRooter Scanner App here.
Perhaps if this had happened to iOS rather than Android and delayed till October, Check Point could have won $200,000 in the Apple Bug Bounty Program!.