A bug could place nearly 1 billion electronic devices into the hands of hackers.
Cybersecurity experts at Checkpoint found that many models of popular Android devices feature a “QuadRooter” – a set of four vulnerabilities that could leave smartphones and tablets vulnerable to attackers. The bug was found on pre-installed drivers running on chipsets made by US firm Qualcomm. If exploited, the vulnerabilities allow attackers to have unrestricted access to personal data on the device. It would also allow them to have control of the device's camera and GPS.
For more information on the specifics of the bug, you can download the full Checkpoint report here.
The bug could potentially leave 900 million smartphones and tablets that have the chipsets vulnerable to hackers. The company said the following models are at risk:
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6 and Nexus 6P
- HTC One, HTC M9 and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2 and OnePlus 3
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
At the moment, there is no evidence to suggest that cybercriminals have been using the bug.
Checkpoint sent information about the bugs to Qualcomm in April this year. Qualcomm responded by creating patches for the bugs in an “industry-standard disclosure policy”, which allows them to have 90 days to create patches before disclosing these vulnerabilities to the public. Checkpoint have said that the issue highlights that Android’s security update process is “badly broken.” It’s also not clear if the patches have made their way onto customer's devices.
As ever, the best way to stay on-top of threats is to install the Android operating system updates as soon as they become available. These updates often contain patches and security updates that have been developed in light of reports of bugs and vulnerabilities.
Checkpoint also has a free “QuadRooter scanner app” on the Google Play store, which can tell if your device has these vulnerabilities.