Shop OBEX P1 Docs P2 Docs Learn Events
Vulnerability Exposes 900M Android Devices—and Fixing Them Won’t Be Easy — Parallax Forums

Vulnerability Exposes 900M Android Devices—and Fixing Them Won’t Be Easy

Ron CzapalaRon Czapala Posts: 2,418
edited 2016-08-10 14:48 in General Discussion
https://www.wired.com/2016/08/quadroot-android-vulnerability-qualcomm/

Excerpt:
THE LATEST ANDROID vulnerability to fret about isn’t limited to any particular device, or any specific firmware version. That’s because it doesn’t start with Android at all, but with Qualcomm, the company that provides internal components for hardware manufacturers. Lots of them. In this case, 900 million Android smartphones with Qualcomm inside are at risk, and fixing them will be no easy task.

As security research firm Check Point detailed this week, the vulnerability in question is actually a set of four issues, collectively called QuadRooter, and affects Qualcomm chipsets from manufacturers ranging from HTC to LG to OnePlus to Google, which contracts with other makers for its own Nexus devices. It’s serious; compromised devices would give bad actors root access, meaning they could collect any data stored on the phone, control the camera and microphone, and track its GPS location. It’s like giving someone the keys to your house, then holding the door open for them while they make off with the jewels.

Comments

  • Heater.Heater. Posts: 21,230
    Not a big problem, unless you go out of your way to install dodgy apps.

    http://www.androidcentral.com/quadrooter-5-things-know-about-latest-android-security-scare
  • MikeDYurMikeDYur Posts: 2,176
    I go out of my way to look for apps that require no permissions, or what they specifically need to run. After running the Quadrooter Scanner from the playstore, I got these vulnerability's. I tried over the air programming, but didn't clear them up. I don't like apps that continually ask for updates, and then want more permissions. Going to get rid of everything and make this a dumb phone.
    Screenshot_2016-08-10-13-37-42.png
    720 x 1280 - 84K
  • Heater.Heater. Posts: 21,230
    As as far as I can tell the vulnerabilities are built into the driver software on your phone. They have been there forever, they were not introduced by any apps you have installed.
    They are only exploitable if you ignore a bunch of security warnings and load some dodgy app from some strange place.

    But I agree. The way permissions are handled on phones is terrible. And for that reason I never install any apps.
  • MikeDYurMikeDYur Posts: 2,176
    Thanks Heater, I was almost on a mission.
  • Phil Pilgrim (PhiPi)Phil Pilgrim (PhiPi) Posts: 23,514
    Since the vulnerability comes from Qualcomm components, is it safe to assume they only affect CDMA phones and not GSM phones?

    -Phil
  • Ron CzapalaRon Czapala Posts: 2,418
    Phil Pilgrim (PhiPi) wrote: »
    Since the vulnerability comes from Qualcomm components, is it safe to assume they only affect CDMA phones and not GSM phones?

    -Phil

    Nope - I have a Moto G GSM with a Qualcomm MSM8226 Snapdragon 400 chipset and the CheckPoint app shows it is vulnerable...
  • MikeDYurMikeDYur Posts: 2,176
    @Heater, You were right. I scanned my wife's phone when she got home, it came up with the same problems. And she is a game nut, she will download a game even if it had a whole page of permissions.
  • ercoerco Posts: 20,256
    Unless the free vulnerability app is actually a rootkit...

    Who ya gonna call?
  • MikeDYurMikeDYur Posts: 2,176
    erco wrote: »
    Unless the free vulnerability app is actually a rootkit...

    Who ya gonna call?



    If someone is looking through my camera, they could see this comming.

    BTW: It comes with the engineers short course on proper usage.
    4 Pound Sledge Hammer.jpeg
    1206 x 720 - 67K
Sign In or Register to comment.