Threat Update: QuadRooter
August 10, 2016
Four newly-discovered vulnerabilities affecting over 900 million android devices (smartphones and tablets) have surfaced. When exploited, these vulnerabilities can give attackers complete control of devices and access to sensitive personal and enterprise data.
Dubbed "QuadRooter", these four vulnerabilities affect Android devices built on Qualcomm® chipsets. Using a malicious app, cybercriminals can trigger privilege escalations and gain root access to a device. An attacker can use apps to run privileged commands not usually available on factory-configured devices, such as changing or removing system-level files, apps, as well as accessing hardware including touch screens, cameras and microphones.
In BYOD (bring your own device) environments without strict application controls, QuadRooter vulnerabilities can pose serious risk to your corporate network and critical information.
Some popular devices utilizing the Qualcomm® chipset include:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
Protecting Yourself and Your Enterprise
- Patches from the Qualcomm team have been released to technology partners. Be sure to install the latest Android update as soon as it becomes available.
- Deploy a mobile security solution that detects and stops advanced mobile threats.
- Only use known Wi-Fi networks or those verified by a trusted source.
- Read permission requests carefully when installing new apps onto a personal or corporate device. Be wary of apps that require more information or access than necessary.
- Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources.
For more information please contact a Herjavec Group security specialist today.
References
[1] Checkpoint QuadRooter Report
[2] 'Quadrooter' flaws affect over 900 million Android phones
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity solutions and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services globally supported by a state-of-the-art, PCI compliant, Security Operations Centre (SOC), operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including head offices in Toronto (Canada), New York City (USA), Reading (United Kingdom) and Sydney (Australia). For more information, visit www.herjavecgroup.com.