Being open-source makes Android available in different versions and modifications, but this also makes it difficult to handle vulnerabilities. And this fragmentation in the Android ecosystem requires immense co-ordination and effort to make security patches available for all mobile devices. But, you must be wondering, why are we talking about this?
Well, because a set of four new vulnerabilities affecting mobile phones and tablets powered by a Qualcomm chip have been discovered by Security agency Check Point. The set of vulnerabilities related to the Qualcomm processor chip has been dubbed the ‘QuadRooter‘ because if exploited, it could give a hacker full access to your device.
This ‘high-risk’ privilege escalation vulnerability which was first reported by Check Point in a session at DEF CON 24, affects more than 900 million Android devices. An attacker can exploit one of these vulnerabilities by simply making you install a third-party malicious app, which does not require any special permissions. The attacker can thus take advantage of this situation, without raising any suspicion among users installing the same.
Once the app exploits one of these vulnerabilities, the attacker can gain root access — giving him unprecedented control over your device, including the data and hardware.
Each of these vulnerabilities is unique and affects four different modules of the Android System. These vulnerabilities affect the:
- IPC Router which provides inter-process communication for various components, user mode processes, and hardware drivers.
- Ashmem is Android’s propriety memory allocation subsystem, which enables processes to share memory buffers efficiently.
- kgsl is Qualcomm’s kernel driver that renders graphics by communicating with user-mode binaries.
- kgls_sync is responsible for synchronization between the CPU and apps.
These vulnerability is found in software drivers that ship with Qualcomm chipsets, so any device that ships with this chipset is at risk. Some of the most popular Android smartphones, including the likes of Google Nexus line-up, Samsung Galaxy S7 line-up, also use these chipsets and are vulnerable to these exploits.
Even the Blackberry Priv and the new DTEK50, which the company boasts to be world’s most secure Android phones are also vulnerable to one of the exploits.
SECURITY PATCH
The chipmaker, Qualcomm has already confirmed that it has fixed all of the aforementioned flaws and issued patches to customers, partners, and the open source community. Because Qualcomm has already sent out the bug fixes to all of its partners, so it expects smartphone and tablet OEMs to roll out these security patches sometime in the near future.
A spokesperson also adds that most of these vulnerabilities have already been fixed via Android’s monthly security patches issued by Google for the Nexus line-up. There is, however, still one final outstanding vulnerability that is expected to be fixed in the upcoming September update. This final vulnerability is still at large because of a delay in the dispatch of the final update.
Android being open-source has numerous vulnerabilities that are still at large and haven’t been fixed after years of discovery. One such malware called ‘Stagefright‘ affects devices running Android Froyo and above, leaving their devices vulnerable to remote code execution. Discovered an year ago, it actually refers to the libstagefright media library in Android, which has been proved to be vulnerable to exploitation.
