Threat Update: QuadRooter

August 10, 2016

Four newly-discovered vulnerabilities affecting over 900 million android devices (smartphones and tablets) have surfaced. When exploited, these vulnerabilities can give attackers complete control of devices and access to sensitive personal and enterprise data. 

Dubbed "QuadRooter", these four vulnerabilities affect Android devices built on Qualcomm® chipsets. Using a malicious app, cybercriminals can trigger privilege escalations and gain root access to a device. An attacker can use apps to run privileged commands not usually available on factory-configured devices, such as changing or removing system-level files, apps, as well as accessing hardware including touch screens, cameras and microphones. 

In BYOD (bring your own device) environments without strict application controls, QuadRooter vulnerabilities can pose serious risk to your corporate network and critical information. 

Some popular devices utilizing the Qualcomm® chipset include:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

Protecting Yourself and Your Enterprise

  • Patches from the Qualcomm team have been released to technology partners. Be sure to install the latest Android update as soon as it becomes available.
  • Deploy a mobile security solution that detects and stops advanced mobile threats.
  • Only use known Wi-Fi networks or those verified by a trusted source.
  • Read permission requests carefully when installing new apps onto a personal or corporate device.  Be wary of apps that require more information or access than necessary.
  • Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources.

For more information please contact a Herjavec Group security specialist today.

 CONNECT WITH US

 

References

[1] Checkpoint QuadRooter Report

[2] 'Quadrooter' flaws affect over 900 million Android phones

About Herjavec Group

Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity solutions and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services globally supported by a state-of-the-art, PCI compliant, Security Operations Centre (SOC), operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including head offices in Toronto (Canada), New York City (USA), Reading (United Kingdom) and Sydney (Australia).  For more information, visit www.herjavecgroup.com.

Stay Informed 

    Follow us on Twitter

    Connect with us on LinkedIn

 

*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.

Take the First Step
In Transforming Your Cybersecurity Program

Enterprise security teams are adapting to meet evolving business needs. With 5 global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Herjavec Group is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.

Book a Free Consultation

Stay Informed

Follow us on Twitter
Connect with us on LinkedIn