Android Qualcomm chipset vulnerability
A man walks past the Android entrance stand during the Mobile World Congress in Barcelona, Spain February 24, 2016. Reuters/Albert Gea

Owners of Android devices should observe extra caution in installing apps and connecting to unknown wi-fi networks as a mobile threat research team uncovers a set of vulnerabilities affecting 900 million Android smartphones and tablets using Qualcomm chipsets.

Check Point disclosed the set of vulnerabilities and referred to it as “QuadRooter” during its presentation at the DEF CON 24 Hacking Conference held from Aug. 4 to 7 in Las Vegas.

“QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets. Any Android device built using these chipsets is at risk,” Check Point said in a blogpost.

“If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.”

Qualcomm is the world’s leading designer of LTE chipsets. It controls 65 percent of the LTO modem market. The latest smartphones and tablets that use Qualcomm chipsets include BlackBerry Priv, Blackphone 1 and Blackphone 2, Google Nexus 5X, Nexus 6 and Nexus 6P, HTC One, HTC M9 and HTC 10, LG G4, LG G5, and LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2 and OnePlus 3, Samsung Galaxy S7 and Samsung S7 Edge and Sony Xperia Z Ultra.

“If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio,” Check Point pointed out.

To protect devices from the inherent vulnerabilities of Qualcomm chipsets, Check Point advised users to download and install the latest Android update as soon as possible.

“Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources. Instead, practice good app hygiene by downloading apps only from Google Play,” it said.

Check Point also reminded users to read permission requests carefully when installing any apps. “Be wary of apps that ask for permissions that seem unusual or unnecessary or that use large amounts of data or battery life.”

Enterprise users are advised to utilize a mobile security solution that detects and stops advanced mobile threats, while individual users are encouraged to tap a personal mobile security solution that monitors device for any malicious behavior.

A free “QuadRooter” scanner app is available for download on Google Play.

RELATED STORIES