Security is a big issue in this modern world, day to day many vulnerabilities are coming to light. Now more than 900 million android devices are under attack and fixing this might not be easy. This is not an operating system vulnerability, But a Qualcomm Chipset driver vulnerability. Devices having Qualcomm inside are at risk.
What is QuadRooter?
QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device. Attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.
List of some branded devices which are under attack
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
- OnePlus One, OnePlus 2 and OnePlus 3
- Google Nexus 5X, Nexus 6 and Nexus 6P
- Blackphone 1 and Blackphone 2
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- BlackBerry Priv
- CVE-2016-2503 discovered in Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for July 2016.
- CVE-2016-2504 found in Qualcomm GPU driver and fixed in Google’s Android Security Bulletin for August 2016.
- CVE-2016-2059 found in Qualcomm kernel module and fixed in April, though patch status is unknown.
- CVE-2016-5340 presented in Qualcomm GPU driver and fixed, but patch status unknown.
Check whether your device is vulnerable or not:-
Install Quadroot scanner from the play store and then scan if you are lucky enough you might not be vulnerable. If you are vulnerable you need to take care of your device
How to protect your device
1> Install apps from playstore only.
2> Update your phone regularly.
3> Understand the risks of rooting your device – either intentionally or as a result of an attack.
4> Avoid using public and unsafe Wifi.
5> Check your apps permission manager. if you think something is not up to the mark just uninstall it
The last thing you can do is just wait till your manufacturer provides the security patch for this vulnerability.