Latest in Gear

Image credit:

Qualcomm chip security holes affect most Android phones

The QuadRooter flaws may leave 900 million devices open to serious malware.
Share
Tweet
Share

Sponsored Links

If you own vaguely recent Android smartphone, there's a good chance that at least one of Qualcomm's many chips powers it... and if so, you might be at risk. Check Point has revealed four vulnerabilities, bundled under the QuadRooter nickname, that take advantage of problems with Qualcomm driver software (for elements such as graphics, memory and routing) to get root-level access and install malware that could hijack your device. All an attacker needs to do is load a seemingly innocuous, permissions-free app to deliver the payload.

Given the sheer ubiquity of Qualcomm in the mobile world, the exploits could affect the majority of Android devices -- Check Point estimates 900 million in total, or most of the 1.4 billion active devices in use as of fall 2015. That includes many of the past and present flagship phones from companies you know, such as Google's Nexus phones, the HTC 10, LG G5 and at least some variants of Samsung's Galaxy S7. Check Point has gone so far as to release an app that tells you whether or not your hardware is vulnerable.

Thankfully, three of the four issues have been patched, and a fix is coming for the fourth. However, there's a very real chance that you won't get a fix. People with newer Nexus devices already have their fix, but it may take a while for vendors like LG and Samsung to test the solution with their heavily customized takes on Android. And while plenty of security vulnerabilities go unfixed on older hardware that no longer gets support, that lack of updates is a particularly sore point with QuadRooter -- many of those 900 million devices are far from the cutting edge.

You probably aren't under imminent threat given that you'd need to install an app. If you stick to Google Play downloads, you'll likely be safe. With that said, attackers could easily prey on users who either don't know this or live in countries where unofficial app stores dominate, such as China.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Intel's 10th-gen H-series laptop CPUs reach 5.3GHz

Intel's 10th-gen H-series laptop CPUs reach 5.3GHz

View
Apple lets Amazon rent movies inside Prime Video's iPhone app

Apple lets Amazon rent movies inside Prime Video's iPhone app

View
Dell XPS 13 review (2020): Tweaked to near-perfection

Dell XPS 13 review (2020): Tweaked to near-perfection

View
NASA successfully deploys the James Webb Telescope's enormous mirror

NASA successfully deploys the James Webb Telescope's enormous mirror

View
Sony debuts $200 headphones with powerful ANC and long battery life

Sony debuts $200 headphones with powerful ANC and long battery life

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr