900M+ Android users exposed to hack due to Qualcomm Quadrooter flaws

Experts from Checkpoint have found four major vulnerabilities dubbed Quadrooter in Qualcomm chips that expose more than 900M Android users to hack.

Security experts from the security firm Checkpoint have found four major vulnerabilities, dubbed Quadrooter, in the firmware running on the in the Qualcomm chips that equip modern Android devices. The Quadrooter flaws could be exploited by hackers to “trigger privilege escalations for the purpose of gaining root access to a device,”

“Check Point today disclosed details about a set of four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm® chipsets.” states the blog post published by Checkpoint.

“QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.”

More than 900 million users are vulnerable to a range of attacks, the attackers could use for example a malware which wouldn’t require special permissions to gain control over the mobile device.

Qualcomm chips are the core components of devices manufactured by major mobile vendors, it accounts for the 65 percent of the market.

BlackBerry Priv
Blackphone 1 and Blackphone 2
Google Nexus 5X, Nexus 6, and Nexus 6P
HTC One, HTC M9, and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2, and OnePlus 3
Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra

The four security vulnerabilities are:

CVE-2016-2503 affecting the Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for July 2016.
CVE-2016-2504 affecting the Qualcomm GPU driver and fixed in Google’s Android Security Bulletin for August 2016.
CVE-2016-2059 affecting the Qualcomm kernel module and fixed in April.
CVE-2016-5340 affecting the Qualcomm GPU driver and already fixed.

The good news is that three on four vulnerabilities have already been patched, the remaining flaw will be rolled out in the upcoming September update. In cases like this one, the real problem is the time spent by handset manufacturers for releasing a patch. At the time I was writing only Google’s Nexus devices have already been patched by the company.

“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies. We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open-source community between April and July. The patches were also posted on CodeAurora. QTI continues to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities.”a Qualcomm spokesperson said.

In a typical attack scenario, a hacker needs to write a malicious code and send it to the victim or he can trick victims into installing a malicious app. Once installed, the malware allows the attacker to gain privilege escalation on the affected devices. Data and applications on mobile, the microphone, and the camera will be under complete control of the attacker.

“Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing,” states the analysis published by Check Point.

If you want to check if your mobile device is vulnerable to Quadrooter attack use the Check Point’s free app.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Quadrooter , Android)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.