According to Security firm Check Point, The 'Quadrooter' security flaws are said to affect over 900 million Android devices that contain Qualcomm chips, which could provide hackers full control over the affected device.
The four newly-discovered vulnerabilities found in android devices containing Qualcomm chips, would be open to attackers once they have tricked a user into installing a malicious app, one which would not require any special permissions.
Once the victim has been successfully exploited, the attacker can gain root access to the affected device, providing the ability to fully access and control the device, its data, and its hardware - such as the camera and microphone.
The four security vulnerabilities are:
- CVE-2016-2503 discovered in Qualcomm's GPU driver and fixed in Google's Android Security Bulletin for July 2016.
- CVE-2016-2504 found in Qualcomm GPU driver and fixed in Google's Android Security Bulletin for August 2016.
- CVE-2016-2059 found in Qualcomm kernel module and fixed.
- CVE-2016-5340 presented in Qualcomm GPU driver, patch status unknown. (due to be released September)
According to Android central, a confirmation came from a Google spokesperson that, Verify Apps can identify and block apps using Quadrooter. However, if the security setting 'allow from unknown sources' is enabled, the device will still be vulnerable to the malware.
You can check if your smartphone or tablet is vulnerable to Quadrooter attack using Check Point's free app which is verified in the android app store.
Sources:
checkpoint: quadrooter vulnerability
cnet: quadrooter security flaws affect over 900 million android devices
thehackernews: 'Quadrooter' Vulnerabilities
android central: google confirms verify apps can block quadrooter exploits
