“Quadrooter” is the latest Android security flaw found in Android running devices. The term includes four undisclosed vulnerabilities affecting the Qualcomm chips. Check Point Software technologies unveiled the research detailing the vulnerability that is said to affect over 900 million devices running Android.The company reported the vulnerabilities to Qualcomm back in April. It followed protocol laid down by CERT-CC (Computer Emergency Response Team Coordination Center) by giving Qualcomm 90 day time to patch the issues and distribute them to OEM’s and network carriers.Latest devices in the market including Google Nexus 5X / 6 / 6P, HTC 10, LG G5, OnePlus 3, Moto X (2016), Samsung Galaxy S7 / S7 Edge including the most secure BlackBerry DTEK50 is also affected by the flaw. The flaw consists of privilege escalation which was explained at Def Con yesterday. The attacker can trick users into installing a specially crafted malicious app and this app would not require any suspicion raising special requests. The flaw gives the attacker, root access to the device which means that the attacker has access to hardware and data of the smartphone as reported by Inquisitr.Qualcomm responded pointing out that it had fixed all the flaws and issued patches to all the phone manufacturers and Network carriers between April to the end of July. These patches were integrated into the latest monthly Google Security Bulletin on July.The security bulletin patches three of the four flaws because one patch was not issued in time. The last patch will arrive in the August Security bulletin. But phone manufacturers can patch the flaw early on because Qualcomm has already given them the code.
This leaves the market in an interesting and dangerous position that no phone is completely secured from “Quadrooter”. We tested two of the Android phones in our team and both were affected by the flaw with the most secure phone being affected by two of the four flaws while the least secure was affected by all the four flaws.