QuadRooter vulnerabilities leaves 900 million Android devices at risk of attack

Over 900 million Android smartphones and tablets are vulnerable to cyberattacks, as they contain a set of four vulnerabilities dubbed QuadRooter.

These flaws were found in devices that use Qualcomm chipsets, Check Point revealed at this year’s DEF CON 24 Hacking Conference in Las Vegas.

It stated that if any of the four vulnerabilities are exploited by cybercriminals, it can give them access to smartphones and tablets.

In other words, QuadRooter allows for cybercriminals to “trigger privilege escalations for the purpose of gaining root access to a device”.

“An attacker can exploit these vulnerabilities using a malicious app,” explained Adam Donenfeld, lead mobility security researcher at Check Point.

“Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.”

Commenting on the news, Qualcomm, which specializes in 3G and next-generation mobile technologies, said that it was notified of the vulnerabilities earlier this year.

It responded with patches for all four of the vulnerabilities between April and July.

However, as Check Point observes, because the flaws are already present in the affected devices “at the point of manufacture”, the process for resolving the problem isn’t straightforward.

Mr. Donenfeld explained: “They can only be fixed by installing a patch from the distributor or carrier.

“Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.”