900 million Android devices, is the estimate that has made Check Point (and you’ve probably seen dozens of headlines) regarding the number of devices that are vulnerable to QuadRooter, a bug that affects devices that have a Qualcomm chip. But what is the problem of security? Is it as dangerous as it looks?
What is “QuadRooter”?
Check Point, a computer security company, presented this weekend at the conference DEF CON 24 the results of its recent research on the LTE Qualcomm chips (which, as they themselves indicate, are now present in 65% smartphones and tablets Android market).
In the report of its investigation, provide some detail about QuadRooter. Specifically, they explain that they are four vulnerabilities found in drivers Qualcomm chips that come pre – installed on each device that use them .Affected modules, according to the company details are router IPC (interprocess communication components Qualcomm), Ashmem (system memory allocation), kgsl and kgsl_sync (related to graphics drivers).
If an attacker fails any of these four security flaws can achieve root access and therefore completely control your device and everything in it. They could see for example the stored information or proceed to the “active listening” to monitor what you write on it or your position by GPS.
How I can “infect”? Should I worry?
According to Check Point: “An attacker can exploit these vulnerabilities using a malicious app These apps do not require special permits to exploit these vulnerabilities, reducing any suspicion that users may have to install them.” The reality is a bit less spectacular.
For someone to use QuadRooter to take control of your device, various circumstances have to be at the same time:
- Use your device drivers vulnerable (You can skip to the next section to check).
- That you download a malicious app on your own (so far not been detected infected apps on Google Play and, since Google was notified in April problem, possibly will be very aware that none is strain).
- That, to download the app, activate the possibility of downloading applications from unknown sources (disabled by default).
- And that also have disabled the functionality “Verify Applications” (a “safety filter” in Android 4.2 or above that Google has possibly added the ability to detect these malicious apps).
While Google has not confirmed that both Google Play and its “Check Applications” are closely monitoring that can not squeeze through apps that take advantage of that vulnerability (albeit the most logical since they were warned months ago), for an attacker to use these flaws to gain control of your device would be necessary for you installs before an infected application.
To all this it must be added that, at least for now, have not been detected infected apps.
How do I know if my device is vulnerable?
As I said, the problem (rather) is present on devices with Qualcomm LTE chips. Check Point has launched an application to quickly scan your phone or tablet and check, whether drivers actually used affected. The application is in English yes and does not solve anything (however much they try to sell you), simply serves to know if your device is vulnerable or not.
If it is, do not be surprised: as Check Point terminals affected belong to brands such as Samsung, HTC, Motorola and LG. These include, for example, Nexus (5X, 6 and 6P), LG 5, the HTC 10, the OnePlus (One, 2 and 3), the BlackBerry Priv and Galaxy S7, although more models.
What I can do to fix it?
To fix this , little. Only Google and your phone manufacturer can fix with a patch that fixes four bugs . Since Qualcomm say they have already fixed the problem and the solution distributed. Three security flaws even already been patched with the monthly security update of Google, while the fourth will come with the September update to Nexus devices.
Patches for other manufacturers and models are a different matter and could take months. In fact, it’s something critical Check Point in its report:
Why does this keep happening? Supply chain
Providers, like manufacturers of chipsets, modules provide hardware and software needed to make phones and tablets. Manufacturers (OEMs) combine these modules software, Google Android builds and your own customizations to create a unique Android created for a particular device. The distributors sell devices, often including their own customizations and applications, and creating another one version over Android. When a patch is required, they must move through this supply chain to the end user device. This process takes weeks or even months.
You may also like to read another article on improtecinc: It’s here the seventh generation of AMD processors APU updated with Bristol Ridge and Stoney Ridge
To prevent anyone can use it on my device?
Evita download unknown applications developers with few downloads in Google Play but, above all, avoid download applications from other sources on your own.
So is it both?
QuadRooter there and yes, if someone wanted to, under certain circumstances could take advantage of it, that nobody doubts it. Now, is it cause for public alarm believed? To Check Point these security flaws are very serious, but it is expectable since their research and are in the business of security. Others do not see it that way and I quote, for example, Andreas Proschofsky, editor of specialized media in Open Source Standard :
Why everybody screams so loudly about QuadRooter when questions? Simple: Check Point did a great job of marketing. They have created an app, they have chosen wisely a headline for your blog and told that nobody would watch closely. They also made sure that his report was published before the bugs are fixed, so that each and cad one of the devices show a “vulnerable” when users use their app to maximize the fear factor. And you cannot really blame them (well, yes, maybe for the last part because it is unprofessional) because the end is how are you companies operate: find bugs and try to advertise their best to get people to buy for fear their products. The real problem here is that everyone is falling because it gives a great and alarming headline.
In theory, 900 million devices are vulnerable, but the key is in the “in theory”. If you do not download extraneous applications from outside Google Play, for now you’re safe.
The “real” problem: security updates in Android
Leaving aside the specific issue of these vulnerabilities, which reveals itself QuadRooter is all the work that Google and manufacturers are ahead in regard to security updates Android. Qualcomm was notified of the problem in April 2016, which confirmed the rulings and distributed a patch to manufacturers, but still is not solved in August.
The partial solution for terminals Nexus has arrived in the Android security update this month, and will be completed in September. But what about the rest of phones used Qualcomm chips? These have not yet received solution to this problem and might even not come for weeks or even months. And that, in this case as in many other previous security problems, it is a real vulnerability.Tags: Android, QuadRooter