Security Market Segment LS
Monday, 08 August 2016 08:37

Quadrooter affects at least 900 million Android smartphones Featured

By

Four vulnerabilities have been discovered in premium Qualcomm LTE, 4G chipsets that can give an attacker complete control of an Android smartphone or tablet.

Enterprise security vendor Check Point has disclosed details about a set of four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm LTE chipsets. It calls the set QuadRooter and presented its findings at DEF CON 24 in Las Vegas.

Before you say it is Android’s fault – it is not. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.

In theory, an attacker would simply have to use a malicious app requiring no special permissions to exploit the security holes. QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording of video and audio.

Some of the latest Android devices use these chipsets, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

The problem is that these vulnerabilities are closely linked to the chip design. New device drivers will need to be developed and will need to be incorporated into the version of Android on each affected device, tested by carriers, and finally rolled out. In other words, the entire supply chain from chip to the carrier needs to co-operate, then users need to install the patches – a big ask.

Check Point has provided advice on Android security

  • Download and install the latest Android updates as soon as they become available. These include important security updates that help keep your device and data protected.
  • Understand the risks of rooting your device – either intentionally or as a result of an attack.
  • Examine carefully any app installation request before accepting it to make sure it’s legitimate.
  • Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources. Instead, practice good app hygiene by downloading apps only from Google Play.
  • Read permission requests carefully when installing any apps. Be wary of apps that ask for permissions that seem unusual or unnecessary or that use large amounts of data or battery life.
  • Use known, trusted Wi-Fi networks.
  • End users and enterprises should consider using mobile security solutions designed to detect suspicious behaviour on a device, including malware that could be obfuscated within installed apps.

It has provided an app to check if a device is at risk: Use the tool here.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Ray Shaw

joomla stats

Ray Shaw [email protected]  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments