Qualcomm and Google claim to have patched all but one of the four vulnerabilities.
Android owners, beware: Security flaws found in Qualcomm processors serving Google’s mobile operating system could put your devices at risk.
Researchers at security firm Check Point researchers recently discovered the vulnerabilities, which may affect as many as 900 million devices.
During last week’s Def Con security conference in Las Vegas, Check Point’s Adam Donenfeld revealed four new privilege escalation exploits—together dubbed “Quadrooter”—which can be used to remotely gain root access to Android handsets. An attacker simply needs to trick a user into installing a malicious app, and the cyberthief gains unfettered access to saved data. The attacker can also change or remove system-level files; delete or add apps; and access the device’s screen, camera, or microphone, the security firm said.
Since the vulnerable drivers are pre-installed, they can only be fixed via a patch from distributors or carriers. Those companies, meanwhile, can only push the repair after receiving new driver packs from Qualcomm.
Qualcomm claims to have already fixed all four flaws, and Google said it patched three in an August update; the final debugging will come with the company’s next security update, Android Headlines said.
Neither Qualcomm nor Google immediately responded to PCMag’s request for comment.
Concerned Android owners can download Check Point’s free QuadRooter Scanner app, which, as its name suggests, scans your phone to see if the necessary patches have been downloaded and installed.
Even the most secure devices are at risk, according to Check Point, which provided the following list of affected smartphones:
Blackphone, Blackphone 2
Google Nexus 5X, Nexus 6, Nexus 6P
HTC One, HTC M9, HTC 10
LG G4, LG G5, LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2, OnePlus 3
Samsung Galaxy S7, Galaxy S7 Edge
Sony Xperia Z Ultra
Qualcomm just last month unveiled its latest mobile processor, the Snapdragon 821, boasting 10 percent better performance than the 820; the latter just recently began showing up in gadgets like the Galaxy S7 and HTC 10.