Check Point today disclosed details about a set of four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm® chipsets. The Check Point mobile threat research team, which calls the set of vulnerabilities QuadRooter, presented its findings in a session at DEF CON 24 in Las Vegas.
What is QuadRooter?
QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.
Some of the latest and most popular Android devices found on the market today use these chipsets, including:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
How are Android devices exposed to this vulnerability?
An attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.
What Android devices are at risk?
QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets. Any Android device built using these chipsets is at risk. The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices.
Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.
This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.
How can I protect employee’s devices from attacks using these vulnerabilities?
Without an advanced mobile threat detection and mitigation solution on the Android device, there is little chance a user would suspect any malicious behavior has taken place.
What are the risks if an attacker exploits the vulnerability on a device?
If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.
How can my employees protect their personal devices from QuadRooter?
Check Point continues to recommend that organizations encourage employees to follow these best practices to help keep Android devices safe from attacks:
- Download and install the latest Android updates as soon as they become available. These include important security updates that help keep your device and data protected.
- Understand the risks of rooting your device – either intentionally or as a result of an attack.
- Examine carefully any app installation request before accepting it to make sure it’s legitimate.
- Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources. Instead, practice good app hygiene by downloading apps only from Google Play.
- Read permission requests carefully when installing any apps. Be wary of apps that ask for permissions that seem unusual or unnecessary or that use large amounts of data or battery life.
- Use known, trusted Wi-Fi networks or while traveling use only those that you can verify are provided by a trustworthy source.
- End users and enterprises should consider using mobile security solutions designed to detect suspicious behavior on a device, including malware that could be obfuscated within installed apps.
For users who use their personal Android devices for work purposes, Check Point also recommends the following considerations:
- Enterprises should deploy a mobile security solution that detects and stops advanced mobile threats.
- Contact your mobility, IT, or security team for more information about how it secures managed devices.
- Use a personal mobile security solution that monitors your device for any malicious behavior.
Where can I learn more about QuadRooter?
The Check Point mobile threat research team has compiled a report that includes a detailed analysis of each vulnerability and how attackers can exploit these on Android devices. Also available is a free QuadRooter scanner app on Google Play, which can tell you if these vulnerabilities exist on your device.