Qualcomm is a leading supplier of chipsets in the Android ecosystem, and newly revealed flaws in its hardware could lead to nightmarish security breaches for the owners of reportedly more than 900 million Android devices. If leveraged, the vulnerabilities — dubbed Quadrooter — could hand over complete access to a device to an attacker, including all of its data, as well as access to the camera, microphone and even the GPS tracker.
In a presentation delivered Sunday (August 7) at the Def Con security conference in Las Vegas, Adam Donenfeld, a Senior Security Researcher from the Israeli security firm Check Point explained that QuadRooter attacks in a more covert manner than most malware. Unlike other apps and malware, QuadRooter flaws can be leveraged silently, without the user authorizing app access permissions.
Qualcomm's chips are found in some of the latest and most popular Android devices, including the Samsung Galaxy S7 and S7 Edge, as well as the Google Nexus 5X, 6 and 6P. The QuadRooter flaws also affect the BlackBerry Priv, Moto X and HTC's One, M9 and 10.
A Qualcomm spokesperson says the company already performed its role in this process, issuing patches to its partners between the months of April and July. While most of these updates have supposedly been pushed down to devices, QuadRooter is still a danger because one fix is still waiting in the wings, expected to deploy in Google's September batch of monthly security updates.
So how can you protect your devices?
First, check to see if your Android phone or tablet is at risk by downloading Check Point's QuadRooter Scanner. Then, make sure to accept and install Android updates as they become available to your device by opening Settings, scrolling down to About Phone and check for System Updates.
Lastly, as we always recommend: do not set your device to install apps from unknown sources. The Google Play app store is more reliable for finding trustworthy software.