Scope of QuadRooter
Security researchers have uncovered four new vulnerabilities named QuadRooter that could potentially exploit 900 million Android devices. The information was made available at this year’s DEF CON 24 conference in Las Vegas.
All target systems run Qualcomm chipsets. The exploits target the specialized software drivers that are included in the kernel. This critical part of the Android system controls the data flow between the main hardware components (the chipset) and the operating system. The drivers are preinstalled on the devices and the only way to fix these types of vulnerabilities is to install a patch from the manufacturer or carrier.
The exploits triggers privilege escalations and full root access to the whole system of the affected devices. This makes QuadRooter a very dangerous type of malware that could be used to gather sensitive information and spy on the users in real time. Such vulnerabilities also give access to the built-in microphones and cameras which leads to serious privacy concerns.
The infection can be spread by a malicious application install. These kinds of applications do not require special permissions and that makes them difficult to detect.
Affected Devices
Qualcomm has a market share of 65% of all LTE modems. In addition their chipsets are used by most of the flagman devices by the leading smartphone manufacturers. Some of them include the following:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
The Current Status of QuadRooter
There are four reports available concerning QuadRooter in the past few months. The security advisories are also known as CVE’s – Common Vulnerabilities and Exposures:
1. CVE-2016-2503 – Vulnerability found in Qualcomm’s graphics drivers. Fixed in Google’s Android Security Bulletin for July 2016.
2. CVE-2016-2504 – Vulnerability found in Qualcomm’s graphics drivers. Fixed in Google’s Android Security Bulletin for August 2016.
3. CVE-2016-2059 – Vulnerability found in Qualcomm’s kernel module. Fixed in April but patch still not applied.
4. CVE-2016-5340 – Vulnerability found in Qualcomm’s graphics driver. Security researchers are still working on a patch for this issue.
Experts state that while a large number of devices are affected by QuadRooter only a minor portion of them may become infected with the malware. Android users are advised to follow the best security practices in order to protect themselves.
Researchers note that several other issues contribute to the potential damaging effects of QuadRooter. One such problem is the fragmentation of Android – manufacturers are not always able to deliver the latest security updates to all client devices on time. In addition the development of updates for all hardware versions is difficult and requires a lot of time to develop.
Android Security Tips
Security researchers give insight on some of the best security practices that help to reduce the risks of infection by viruses and malware such as QuadRooter:
- Users with older versions of Android should be careful not to install suspicious software.
- Installing applications from sources other than the Google Play Store (the practice of sideloading) is a main cause for malware and virus infections.
- Public Wi-Fi hotspots are vulnerable to a variety of different network attacks that can cause malware and virus distribution.
- Always read carefully the app permissions when installing unknown applications. Review carefully what can occur when using new software.
- Always use trusted networks when entering sensitive information, including passwords for your Google account and other services.
- Install a trusted antivirus and malware protection software.
- Regularly update all installed software from official sources.
And finally always stay informed about the latest security threats.
