Researchers at Check Point® Software Technologies have released details of four vulnerabilities, which they have dubbed ‘QuadRooter’, that affect Android™ smartphones and tablets built with Qualcomm® chipsets.
Any one of these vulnerabilities could be exploited by a malicious app downloaded onto the user’s device which, without their knowledge, would allow the attacker to gain full access to the phone. Considering the significant amount of personal and business data we store on our connected devices, this has major security implications.
According to Check Point, some of the Android devices that contain this chipset and which are therefore at risk include:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
How to protect your Android device from QuadRooter
If you own one of these handsets, it does not mean that you have been the subject of an attack that gains control over your device. For the attack to be successful, it must download the malicious app that takes advantage of one of these four vulnerabilities to your device.
Ensure you update your handset with any security patches available for the issue. For example, Qualcomm has already released a fix for all four vulnerabilities while Google has released patches for three of the four, with the final fix expected in the very near future.
In addition, there are four steps you can take to make sure your device is as secure as possible:
- Your device should automatically prompt you to download and install the latest available updates. Tip: make sure you have a wi-fi or broadband connected before downloading as some updates can be large.
- Only download apps from official apps stores such as Google Play. Avoid sideloading apps, such as when you are offered an app on a web site. To ensure you get the authentic app, go to the Google Play store directly and download it from there. This reduces the risk of getting a malicious app by accident.
- Switch on the “verify apps” function in your Android settings. This means that even if you do download an app from somewhere else, this feature will check with the official app store to make sure it’s compliant.
- Protect your device with antivirus software such as AVG AntiVirus for Android and make sure you keep it updated. Should an attacker use the vulnerability to plant the malware on your phone or tablet, an up-to-date antivirus program will detect and prevent its execution.
The best advice I can give is not to panic and not to be complacent. Vulnerabilities like this are actually relatively common and taking preventative action quickly will help protect your devices and your data from unnecessary risk.
Tony Anscombe
August 18, 2016
September 14, 2018