Story image

Check Point uncovers new vulnerabilities affecting millions of devices

08 Aug 2016

Mobile researchers from Check Point Software have found four new vulnerabilities affecting over 900 million Android smartphones and tablets.

Check Point lead mobile security researcher, Adam Donenfeld, recently revealed the vulnerabilities affecting Android devices built using the Qualcomm chipsets.

Qualcomm is the world’s leading designer of LTE chipsets, with a 65% share of the LTE modem baseband market in the Android ecosystem.

According to Check Point, the set of vulnerabilities are called ‘QuadRooter’. If exploited, the vulnerabilities give attacker complete control of devices. The software company says they could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.

Check Point says the vulnerabilities are found in the software drivers Qualcomm ships with its chipsets. The estimated 900 million affected devices include these models:

  • Samsung Galaxy S7 & S7 Edge
  • Sony Xperia Z Ultra
  • Google Nexus 5X, 6 & 6P
  • HTC One M9 & HTC 10
  • LG G4, G5 & V10
  • Motorola Moto X
  • OnePlus One, 2 & 3
  • BlackBerry Priv
  • Blackphone 1 & 2

Michael Shaulov, head of head of mobility product management for Check Point says vulnerabilities like QuadRooter bring into focus the unique challenge of securing Android devices, and the data they hold. 

“The supply chain is complex, which means every patch must be added to and tested on Android builds for each unique device model affected by the flaws,” says Shaulov.

“This process can take months, leaving devices vulnerable in the interim, and users are often not made aware of the risks to their data. The Android security update process is broken and needs to be fixed.”

Check Point has created a free QuadRooter scanner app that's available from Google Play. The app enables Android users to find out if their device is vulnerable, and prompts them to download patches for the problem.  

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.