Security flaw affects 900 million Android devices
In a recent report, Quadrooter – a set of four vulnerabilities or security flaws – has affected all Android devices functioning on Qualcomm chipsets.
Through the use of these loopholes, hackers can easily manipulate the user’s phone and its activities.
This flaw was discovered by security firm, Checkpoint Software Technologies and was later revealed by them at an annual security conference, DEF CON 24 in Las Vegas, Nevada.
Security firm’s lead mobile security researcher, Adam Donenfield said at the conference, “During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.”
Most android devices have been affected by this including the latest Google Nexus 5X, Moto X, Samsung Galaxy S7 and even BlackBerry DTEK50.
After this issue was pointed out, it followed the protocol laid down by CERT-CC (Computer Emergency Response Team Coordination Centre) wherein, Qualcomm received a time period of up to 90 days to patch the issues and distribute them to OEM’s and network carriers.
This has obviously raised grave concerns regarding the security among users as well as authorities.
“Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered,” the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) were quoted by CNN.
“There are significant delays in delivering patches to actual devices — and older devices may never be patched.”
However, Qualcomm responded by pointing out that they had fixed all the flaws and issue patches to all phone manufacturers and network carriers between April and July.
Three out of four patches had been integrated into the latest monthly Google Security Bulletin in July. The last patch will arrive in the August Security bulletin. But phone manufacturers can patch the flaw early on because Qualcomm has already shared the code with them.
Michael Shaulov, head of mobility product management at Check Point told ZDNet, “No-one at this point has a device that's fully secure. That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google.”
The only way out of this mess is to either install Android updates as soon as they are available or switching to another device that offers a definite security app. Check Point has advised users to refrain from installing “side-loading” apps to avoid malicious activities from taking place on their device.