900m Android devices said to be affected by Qualcomm vulnerability exploit

Four new vulnerability exploits have been found on over 900 million Android smartphones, with Qualcomm chipsets found to be the root cause, according to research by Check Point.

Tim Skinner

August 8, 2016

3 Min Read
900m Android devices said to be affected by Qualcomm vulnerability exploit

Four new vulnerability exploits have been found on over 900 million Android smartphones, with Qualcomm chipsets found to be the root cause, according to research by Check Point.

Researchers from security experts Check Point detected the vulnerabilities affecting all Android devices running a specific Qualcomm chipset. Since the vulnerabilities are found in the software drivers Qualcomm ships with its chipsets, and since said drivers are pre-installed on devices straight out of the factory, they can only be fixed by installing a patch from the distributor or operator. First, Qualcomm will need to provide the fixed driver pack to the operator before it can then distribute it to customers affected.

According to Check Point, the vulnerabilities, known as QuadRooter, can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data which may be stored on the device. Check Point presented the results of its research at hacking and information security conference Defcon.

“Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape,” said Adam Donenfeld, Senior Security Researcher, Check Point “However, Google is not alone in the struggle to keep Android safe. Qualcomm, a supplier of 80% of the chipsets in the Android ecosystem, has almost as much effect on Android’s security as Google. With this in mind, we decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems. In this presentation we will review not only the privilege escalation vulnerabilities we found, but also demonstrate and present a detailed exploitation, overcoming all the existing mitigations in Android’s Linux kernel to run kernel-code, elevating privileges and thus gaining root privileges and completely bypassing SELinux.”

Cloud security firm CensorNet said the exploit presents a clear and present danger for organisations using affected devices as part of a BYOD strategy.

“Give that BYOD is now commonplace, a vulnerability in mobile hardware on this scale could be a huge risk to enterprises,” said Ed Macnair, CEO of CensorNet. “By having root access to the primary device that many people use on a daily basis for business operations, a hacker basically becomes a superuser.  Having unfettered access to company systems is a few relatively simple steps away.”

Check Point also revealed which devices are most affected by, or exposed to, the vulnerabilities. Some of the latest and most popular Android devices on the market use the affected Qualcomm chipsets, and they include:

  • BlackBerry Priv

  • Blackphone 1 and Blackphone 2

  • Google Nexus 5X, Nexus 6 and Nexus 6P

  • HTC One, HTC M9 and HTC 10

  • LG G4, LG G5, and LG V10

  • New Moto X by Motorola

  • OnePlus One, OnePlus 2 and OnePlus 3

  • Samsung Galaxy S7 and Samsung S7 Edge

  • Sony Xperia Z Ultra

Users who fears they may be affected can scan for exploits using the application found here. Telecoms.com reached out to Qualcomm for comment but is yet to hear a response at the time of writing.

 

UPDATE: 08/08/2016 17:22 BST – Qualcomm responded to Telecoms.com’s request for comment with the following:

“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July.  The patches were also posted on CodeAurora. QTI continues to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities.”

About the Author

Tim Skinner

Tim is the features editor at Telecoms.com, focusing on the latest activity within the telecoms and technology industries – delivering dry and irreverent yet informative news and analysis features.

Tim is also host of weekly podcast A Week In Wireless, where the editorial team from Telecoms.com and their industry mates get together every now and then and have a giggle about what’s going on in the industry.

Subscribe and receive the latest news from the industry.
Join 56,000+ members. Yes it's completely free.

You May Also Like