It is currently 20-10-2017 01:04

Vulnerability QuadRooter threatening 900 million Android devices

Vulnerability QuadRooter threatening 900 million Android devices

by seo_worker » 2016-08-11 12:55:37



About various problems devices running on iron-based Qualcomm, the experts said repeatedly. This time experts of the company Check Point said at DEF CON 24 from four new vulnerabilities that are present on devices with Qualcomm chipsets. These concerns have been a common name QuadRooter and threatening 900 million Android devices.

Discovered the Bahamas was awarded the following identifiers: CVE-2016-2503 (discovered in Qualcomm's GPU driver fixed with the release of Android Security Bulletin in July 2016), CVE-2016-2504 (another bug in the Qualcomm GPU driver, revised in August 2016), CVE-2016-2059 (the problem in the kernel module Qualcomm eliminated in April 2016, but the status of the patch is unknown), CVE-2016-5340 (vulnerability in Qualcomm's GPU driver fixed, but the status of the patch is unknown).

All discovered vulnerabilities can be used by hackers to gain full control over devices and access to sensitive personal and corporate data. With QuadRooter intruders can also keep track of a keystroke, the user's location by GPS, record video and audio.

All vulnerabilities were found in software drivers, which Qualcomm supplies with their chipsets. A hacker can exploit the data bugs via a malicious application. These applications do not need Express authorization of the owner of the smartphone, so their actions will not cause suspicion. According to experts, in danger of about 900 million devices including the following models:

Samsung Galaxy S7 & S7 Edge
Sony Xperia Z Ultra
Google Nexus 5X, 6 & 6P
HTC One M9 & HTC 10
LG G4, G5 & V10
Motorola Moto X
OnePlus One, 2 & 3
BlackBerry Priv
Blackphone 1 & 2
Specialists Check Point has created a free app for finding vulnerabilities QuadRooter, which can be installed via Google Play.



Michael Shaulov, head of mobile products Check Point Software Technologies, commented:

Qoute:"Such vulnerabilities as QuadRooter once again prove the necessity of resolving security problems in Android devices and the data contained therein. The supply chain is very complex, so each patch you want to install and test on Android, will be created individually for each model of the devices affected. This process can take several months, during which smartphones are vulnerable. The user does not always know that their data is at risk. The process of upgrading the security system of Android is broken and needs fixing".

Details about QuadRooter and a full report on the bugs posted on the official website of Check Point.
seo_worker
moderators
Сообщений: 755
Депозит: 0.005 BTC

Rating: 2