Monday, August 8, 2016

Android has fallen! 900 Million Android devices affected with core security issues


It just never stops with Android phones. Again, a new line of security vulnerabilities has been discovered in Qualcom chipsets that could allow an attacker to gain root-level access to any Qualcomm device.

More than 900 Million Android smartphones and tablets worldwide have been affected.

Scary number. But it is even scarier that this set of vulnerabilities and security issues will most probably never be patched on most of affected Android devices due to the laziness of the manufacturers to install the patches.

Check Point researchers revealed these security issues and found four critical Quadrooter vulnerabilities:

  • CVE-2016-2503 discovered in Qualcomm's GPU driver and fixed in Google's Android Security Bulletin for July 2016.
  • CVE-2016-2504 found in Qualcomm GPU driver and fixed in Google's Android Security Bulletin for August 2016.
  • CVE-2016-2059 found in Qualcomm kernel module and fixed in April, though patch status is unknown.
  • CVE-2016-5340 presented in Qualcomm GPU driver and fixed, but patch status unknown.


Who is Qualcom?

It is one of the leaders of LTE (Long Term Evolution) chipsets with a 65% share of the LTE modem baseband market.

How can an attacker exploit these security issues in Qualcom?

By exploiting any of the above mentioned vulnerabilities an attacker can gain privileged root access on any of these affected devices. The only thing the attacker needs to do is to make possible that the user of the affected devices installs and opens a malware written by the attacker. Once the victim opens the infected file or it can also be an app, the malware spreads over the phone and offers the attacker privilege escalation on the affected devices.

"Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing," Check Point researchers write in a blog post.

From this 900 million affected devices here are some of the most popular ones that is impacted by some or all of the Quadrooter vulnerabilities:  Samsung Galaxy S7 and Samsung S7 Edge, Sony Xperia Z Ultra, OnePlus One, OnePlus 2 and OnePlus 3, Google Nexus 5X, Nexus 6 and Nexus 6P, Blackphone 1 and Blackphone 2, HTC One, HTC M9 and HTC 10, LG G4, LG G5, and LG V10, New Moto X by Motorola, BlackBerry Priv

What can you do now?

Check if you are one of the affected users using Check Point's free app.


                                                                 1: Check point app

In case you have one of these affected devices you have to contact the device distributors or carriers since Qualcom chip-sets come pre-installed on the Android device and they can be only fixed by installing a patch from the device distributors or carriers once they received fixed driver packs from Qualcomm.

This again shows us security issues the Android system has. Better security check-ups must be applied through the entire supply chain before the devices are even made available to end users.

Google has done a good job and has already fixed three of four of these vulnerabilities and the remaining patch will be out in September in their upcoming security updates.

Whoever owns a Nexus device shouldn’t worry since all the devices have been already patched over the air-updates but other Android device owners have to go immediately to their device manufactures or distributor and immediately install the fixes into their own custom Android ROMs.




No comments:

Post a Comment