Over 900 Million Android Devices Vulnerable to Quadrooter

Android smart devices are making news again. This time those that were shipped with a Qualcomm chip have four vulnerabilities with which to be concerned. More than 900 million smartphones and tablets are affected by what is being called Quadrooter. Three of these flaws were addressed and fixed in the latest set of security updates from Google. However, one of them won’t be fixed until September. And those that were released by Google haven’t necessarily made it into the releases by individual carriers. This is because carriers have control over when to release them to their users. While most of the time it is shortly after they are provided to them, sometimes they delay releasing them to try to lure people into buying new devices. If you haven’t received a notice for one of the affected Android devices that an update is available, call your carrier and inquire.

If you haven’t updated your Android devices lately, take some time to check if any are available and get at least the three available patches applied. The flaws could allow an attacker to get full control of a vulnerable device; which means he or she would have access to the microphone, the camera, and everything on it.

Fortunately, it would take some effort by the attacker to trick a user into installing a malicious app to be successful. Most Android smartphones at least, don’t allow sideloading of apps (installing them from a location other than the Google Play store), but some malicious apps have still made it past the additional checks and were allowed in. It’s still safer to check the official app store on all devices rather than getting them from other locations.

Some of the devices affected include:

• Google’s Nexus 5X, Nexus 6, and Nexus 6P
• HTC’s One M9 and M10
• Samsung’s Galaxy S7, S7 Edge
• BlackBerry DTEK50, Priv
• Blackphone 1 and 2
• LG G4, G5, V10
• Motorola New Moto X
• OnePlus One, 2, and 3
• Sony Xperia Z Ultra

Remember that when you are looking for apps to install, make sure they are from reputable developers. Check the reviews and make sure there are more than just a few and that they are not all glowing. Sometimes this means they are fake and the app could be malicious. Also check elsewhere online for reviews and information. Sometimes the reviews in the app stores review the app itself and not the company. If there is a complaint about how a company does business, whether via an app, online, or brick and mortar, there will be information on those elsewhere and they may include information on how the app installs malware, if it does.

© Copyright 2016 Stickley on Security