Zuhause > Cyber ​​Aktuelles > Is Your Android Prone to QuadRooter Flaws? 900 Million Geräte sind!

Ist Ihr Android Neigt zu QuadRooter Flaws? 900 Million Geräte sind!


Wir alle wissen, Android ist verwundbar, aber, wie verwundbar ist es wirklich? 2016 hat bereits eine Reihe von Sicherheitslücken in dem beliebten Handy-Betriebssystem gesehen. Und einige von ihnen sind ziemlich ernst! Noch vor ein paar Tagen Check Point researchers disclosed a particular set of flaws, which immediately topped the charts in terms of severity and scope. Even Android Marshmallow is affected. Millions of devices are endangered by the so-called QuadRooter set of vulnerabilities, über 900 Million, um genau zu sein.

More about the QuadRooter Vulnerabilities in Android

QuadRooter consists of four flaws affecting Android devices built using the Qualcomm chipsets. Wenn ausgebeutet, all four of the vulnerabilities could allow an attacked to trigger privilege escalation and gain root access to the targeted device.

Devices Affected by QuadRooter

The QuadRooter vulnerabilities are located in software drivers that ship with Qualcomm chipsets. Im Grunde, any Android device built with these chipsets is endangered. “The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices“, Forscher erklären.

Because the drivers are pre-installed during manufacture, they can only be fixed by applying a patch from the distributor (or carrier). Zudem, distributors can issue patched only after getting fixed driver packs from Qualcomm. Patching Android is definitely not a simple task!

This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.

Here is a list of the popular Android devices using the Qualcomm chipsets:

  • BlackBerry Priv
  • black 1 and Blackphone 2
  • Google Nexus 5X, Verknüpfung 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

How Can QuadRooter Vulnerabilities Be Exploited?

CVE-2016-2503, CVE-2106-2504, CVE-2016-2059, CVE-2016-5340

  • CVE-2016-2503 is discovered in Qualcomm’s GPU driver and is now fixed in Google’s Android Security Bulletin for July 2016.
  • CVE-2016-2504 is located in Qualcomm GPU driver and is fixed in Google’s Android Security Bulletin for August 2016.
  • CVE-2016-2059 is found in Qualcomm kernel module and is fixed in April, the patch status still appears unknown.
  • CVE-2016-5340 is found in Qualcomm GPU driver and should be fixed, but the patch status is unknown.

An attacker can exploit all four of the QuadRooter flaws via a malicious app. The worst part is that such an app would not require special permissions to directly exploit the vulnerabilities, and thus the user will not be suspicious and will process with installing it.

Check Point’s report highlights the fact that vulnerabilities as severe as QuadRooter may be very difficult to fix but they also bring the unique challenge of securing Android devices:

  • Fragmentation is somewhat responsible for keeping Android devices secure despite the complex supply chain.
  • The development and deployment of security patches takes a lot of time and effort, and it shouldn’t leave users unprotected for unknown period of time.
  • There are devices that can’t support the latest Android versions which makes it impossible for them to receive crucial security updates and leaves them open to exploits.
  • End-users should be fully informed about the risks of using mobile devices and networks, rooting and downloading from unknown sources. The risk of public Wi-Fi shouldn’t be underestimated as well.
  • Auf der einen Seite, the end-user’s PII is threatened, but also any other piece of information (like business) located on the device becomes vulnerable.

Security Tips for Android Devices

Android is vulnerable and end-users should be as prepared for issues as they are with their desktop machines. Here are several security tips to always keep in mind:

  • You wouldn’t leave your Windows without its mandatory security fixes, would you? You should never skip an Android security update, zu!
  • Rooting your device hides certain risks –evaluate them before ever considering to do it.
  • Stay away from side-loading Android apps (.APK files) or downloading apps from third-party sources. Only download from Google Play, but always keep in mind that malicious apps can sneak in there, zu.
  • Never forget to carefully read the app permissions. If an app seems suspicious, it most likely is! Be careful with apps that ask for unusual or unnecessary permissions or such that use large amounts of data or battery life.
  • Use known, trusted Wi-Fi networks. When on a trip, exclusively use only networks that are verified.
  • Erwägen Sie die Installation AV protection on your Android that will detect suspicious behavior on your device, like malware hiding in installed apps.

Milena Dimitrova

Ein begeisterter Autor und Content Manager, der seit Projektbeginn bei SensorsTechForum ist. Ein Profi mit 10+ jahrelange Erfahrung in der Erstellung ansprechender Inhalte. Konzentriert sich auf die Privatsphäre der Nutzer und Malware-Entwicklung, sie die feste Überzeugung, in einer Welt, in der Cybersicherheit eine zentrale Rolle spielt. Wenn der gesunde Menschenverstand macht keinen Sinn, sie wird es sich Notizen zu machen. Diese Noten drehen können später in Artikel! Folgen Sie Milena @Milenyim

Mehr Beiträge

Folge mir:

Schreibe einen Kommentar

Ihre E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *

Auf Facebook teilen Teilen
Loading ...
Empfehlen über Twitter Tweet
Loading ...
Share on Google Plus Teilen
Loading ...
Share on Linkedin Teilen
Loading ...
Empfehlen über Digg Teilen
Teilen auf Reddit Teilen
Loading ...
Empfehlen über Stumbleupon Teilen
Loading ...