Checkpoint Software Technologies and its
team of researchers have discovered a set of four vulnerabilities that
could potentially give attacker access to a phone's data in tens of
millions of Android devices.
The vulnerabilities, known
as QuadRooter, were discovered while looking at software which operates
on chipsets made by US firm Qualcomm.
Qualcomm is a US telecommunications equipment company and controls 65 per cent of the LTE modem baseband market.
The
defect was discovered in software that deals with graphics and in code
which communicates information between chipset components. Michael
Shaulov, head of mobility product management at Checkpoint, says that
the problems were revealed after a six month effort to reverse engineer
Qalcomm's code.
The bugs in the software can easily be triggered using an app, which would go by undetected during installation.
Affected
devices include handsets such as Samsung Galaxy S7, Samsung S7 Edge,
Google Nexus 5X, Nexus 6, Nexus 6P, LG G4, LG G5, LG V10, OnePlus One,
OnePlus 2, OnePlus 3 and many more.
In response to the
information provided by Checkpoint, Qaulcomm has created software
patches and has also started manufacturing chipsets with the bug-free
version. The patches have also been distributed to phone makers and
operators. However, there are no clear figures on how many phones have
been updated.
Checkpoint has created a free app called QuadRooter Scanner, which checks if your phone is at risk.
While there is no current evidence of these vulnerabilities being used, Shaulov says that its only a matter of time.
"It's always a race as to who finds the bug first, whether it's the good guys or the bad."
0 comments:
Post a Comment