Quadrooter: 900m Qualcomm Android phones vulnerable to security flaw

The latest set of smartphone nasties floating around the internet has a pretty cool name, but could very well leave your own phone at risk. Dubbed Quadrooter, the set of four flaws affect all Qualcomm-powered smartphones running Android, which means around 65% of the LTE smartphone market, or 900-million smartphones in total.

According to CheckPoiunt, the vulnerabilities could leave users’ devices rooted, and open to remote access. These vulnerabilities can be targeted through the installation of a malicious app. But only one vulnerability needs to be exploited. In that event, an “attacker can trigger privilege escalations for the purpose of gaining root access to a device,” security company CheckPoint explains.

Once the device is compromised and rooted, the attacker can gain access to the device remotely, and that includes personal data, and functions like the microphone and cameras.

Quadrooter affects around a billion devices running Qualcomm chips, from the LG G4 to the Samsung Galaxy S7 to the BlackBerry PRIV

“Any Android device built using these chipsets is at risk. The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices,” CheckPoint adds.

These devices include phones like the HTC One M9 and HTC 10, the LG G4 and LG G5, the Samsung Galaxy S7 and S7 Edge and the OnePlus range, among the likes of Google’s own Nexus devices. It also affects the touted super-secure BlackBerry PRIV, the BlackBerry DTEK50 and BlackPhone range.

And as far as fixing the issue, it seems that both Qualcomm and Google may leave consumers waiting for a fair bit. CheckPoint explains that the flaws can only “be fixed by installing a patch from the distributor or carrier”, this being Google, Qualcomm, your mobile network provider or your device’s manufacturer.

“Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.”

Google has previously fixed the first three flaws, and noted that the fourth flaw will be patched in September, while Qualcomm suggests that it has also provided code that patch the flaws. But this doesn’t mean that all users will receive these updates immediately, or perhaps ever.

As for keeping your personal device safe until those patches arrive: be sure to deselect the “Unknown Sources” security checkbox, allowing your device to install apps from untrusted sources. You may also do well to enable the “Verify Apps” checkbox, which will allow Google to warn you of a possible malicious download.