new Android flaw has been reported by security researchers that is claimed to
affect roughly 900 million Android devices
powered by Qualcomm chipsets.
Dubbed QuadRooter, the
flaw is basically a set of four vulnerabilities. The
research team explains that if any one of the four vulnerabilities is
exploited, the security flaw can give attackers
complete control of affected phone or tablet, including access to sensitive
personal and enterprise information stored on the device. Access could also provide an attacker
with capabilities such as keylogging, GPS tracking, and recording video and
attacker can exploit these vulnerabilities using a malicious app that wouldn't require any special permissions.
Qualcomm was notified about the vulnerabilities - found in
the company's software drivers - back in April this year. The chipmaker says
that all the bugs were fixed at its end and patches were handed over to
customers. While fix for three vulnerabilities have already made it to recent
Android monthly security updates released by Google, one is still outstanding -
it'll be be included in the September update.
research team recommends some best
practices to keep Android devices
safe from such attacks like downloading and installing the latest Android
update; examine any app installation request before accepting; avoid
side-loading Android apps, and read permission requests when installing any
apps among others.
research team has also released a free
QuadRooter Scanner app on Google Play, using which you can confirm whether or
not these vulnerabilities exist on your device.