A new software vulnerability has been discovered, which may have affected over 900 million Android devices. On Monday, Security firm Check Point published its finding on the QuadRooter bug, having discovered in April the bug originates from Qualcomm chipsets.
Devices including the BlackBerry Priv, Samsung Galaxy S7, HTC 10 and Nexus 6P are among those at risk for acquiring the bug; however, the reports also indicate QuadRoot has not been used to attack smartphones in the public space. No attacks have been surfaced. Qualcomm claims it has been working since April to roll out security patches to address QuadRoot. Another round of software updates are expected to go through carriers in September.
However, with the flaw not fully resolved, there is always the chance that QuadRoot could affect Android devices. The vulnerability is found within preinstalled drivers on Qualcomm chipsets, which attackers can use to trick users into installing a malicious app. The apps would not require special permissions, making it easy for setup to go undetected.
Once infected, an attacker can use QuadRoot to gain root access to a device and take control of personal and enterprise data stored on smartphones, according to Check Point. Other nefarious actions that can be performed through QuadRoot include keylogging, GPS tracking, and recording video and audio.
What Android smartphones are at risk for being infected with QuadRoot?
Here is a more comprehensive list of smartphones that could be vulnerable to the flaw.
BlackBerry Priv Blackphone 1 and Blackphone 2 Google Nexus 5X, Nexus 6 and Nexus 6P
HTC One, HTC M9 and HTC 10
LG G4, LG G5 and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2 and OnePlus 3
Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra
How will I know if my smartphone is infected with QuadRoot?
Users likely won’t know whether their devices is infected with QuadRoot through everyday use. However, Check Point has developed an application called QuadRoot Scanner , which can detect the flaw on devices.
Chances are, devices won’t be at terrible risk of acquiring this bug due to Android’s Verify Apps feature, which prevents users from installing apps with malware or malicious code. Devices running Android 4.2 or later include this feature, meaning over 90 percent of Android devices have this first line of defense.
What you can do to protect your Android smartphone
- As with many of the Android vulnerabilities discovered in recent months, including ‘ Godless ’ and ‘ Hummingbad ,’ Check Point recommends users not install applications from third party app stores or manually sideload applications onto devices.
- Users should also consider not rooting their devices. Even if a user legitimately establishes root access to their device, it can be at risk to outside attackers.
- Be wary for random installation requests that come onto a smartphone and be aware of the permissions apps ask to be granted on a smartphone.
- Only use verifiable Wi-Fi sources.
- Update your device to the latest Android software (Android 6.0 Marshmallow), if possible.