Software Integrity

 

Up to 900 million Android phones vulnerable to Qualcomm flaw

Four major security holes have been disclosed affecting the Qualcomm chips in several recent, popular mobile phones.

Dubbed “Quadrooter” by researchers at Checkpoint, the quartet of flaws are in the chip firmware. The flaws could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device.” Once an attacker gains root privileges, malware wouldn’t require special permissions, and could execute without raising user’s suspicions.

Qualcomm makes chips for about 65 percent share of the Android market. Three of the four holes have already been patched. A patch for the fourth is forthcoming.

Phones affected include:

BlackBerry Priv
Blackphone 1 and Blackphone 2
Google Nexus 5X, Nexus 6, and Nexus 6P
HTC One, HTC M9, and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2, and OnePlus 3
Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra

Qualcomm said in a statement to Ars Technica: “Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies. We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open-source community between April and July. The patches were also posted on CodeAurora. QTI continues to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities.”