Four newly discovered Android vulnerabilities can give attackers complete control of devices and access to sensitive personal and enterprise data on them
Mobile researchers from Check Point Software Technologies announced four new vulnerabilities affecting over 900 million Android smartphones and tablets at Def Con 24 in Las Vegas.
In his presentation at Def Con 24, Check Point lead mobile security researcher Adam Donenfeld revealed four major vulnerabilities affecting Android devices built using the Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets, with a 65% share of the LTE modem baseband market in the Android ecosystem.
Check Point calls the set of vulnerabilities QuadRooter. If exploited, the vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.
The vulnerabilities are found in the software drivers Qualcomm ships with its chipsets. An attacker can exploit these vulnerabilities using a malicious app. This app would require no special permissions to take advantage of the vulnerabilities, which means it would not make users suspicious. The estimated 900 million affected devices include these models:
- Samsung Galaxy S7 & S7 Edge
- Sony Xperia Z Ultra
- Google Nexus 5X, 6 & 6P
- HTC One M9 & HTC 10
- LG G4, G5 & V10
- Motorola Moto X
- OnePlus One, 2 & 3
- BlackBerry Priv
- Blackphone 1 & 2
Since the vulnerable software drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the device’s distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.
Check Point has released a free QuadRooter scanner app, available from Google Play, that enables Android users to find out if their device is vulnerable, and prompt them to download patches for the problem. The link will be also available from http://blog.checkpoint.com/
Michael Shaulov, head of head of mobility product management for Check Point said: “Vulnerabilities like QuadRooter bring into focus the unique challenge of securing Android devices, and the data they hold. The supply chain is complex, which means every patch must be added to and tested on Android builds for each unique device model affected by the flaws. This process can take months, leaving devices vulnerable in the interim, and users are often not made aware of the risks to their data. The Android security update process is broken and needs to be fixed.”
Check Point recommends the following best practices to help keep Android devices safe from attacks that try to exploit any vulnerabilities:
Download and install the latest Android updates as soon as they become available.
Understand the risks of rooting devices – either intentionally or from an attack
Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources. Instead, download apps only from Google Play.
Read permission requests carefully when installing any apps. Be wary of apps that ask for permissions that seem unusual or unnecessary, or use large amounts of data or battery life.
Use known, trusted Wi-Fi networks or while traveling use only those that you can verify are provided by a trustworthy source.
End users and enterprises should consider using mobile security solutions designed to detect suspicious behavior on a device, including malware that could be obfuscated within installed apps.
Check Point researchers provided Qualcomm with information about the vulnerabilities in April 2016. The team then followed the industry-standard disclosure policy (CERT/CC policy) of allowing 90 days for Qualcomm to produce patches before disclosing the vulnerabilities. Qualcomm reviewed these vulnerabilities, classified each as high risk, and has since released patches to original equipment manufacturers (OEMs).
Full details of the vulnerability, including the link to the free Check Point QuadRooter scanner app, and the detailed research report about the vulnerabilities, will be available on the Check Point blog from 23:00 GMT, Sunday, August 7: http://blog.checkpoint.com/
Follow Check Point via:
Check Point Blog: http://blog.checkpoint.com/
Twitter: http://www.twitter.com/checkpointsw
Facebook: http://www.facebook.com/checkpointsoftware
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
YouTube: http://www.youtube.com/user/CPGlobal
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is the largest network cyber security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises – from networks to mobile devices – in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organisations of all sizes.