Four separate vulnerabilities in Qualcomm chips – used in 80% of Android devices – could allow a rogue app to provide an attacker with complete control of the unit, including camera and microphone.
The combined flaws, dubbed Quadrooter, were discovered by CheckPoint researcher Adam Donenfeld, and presented yesterday at the Def Con 24 hacking conference …
We decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.
ZDNet notes the ‘good news, bad news’ here.
An attacker would have to trick a user into installing a malicious app, which unlike some malware wouldn’t require any special permissions.
The bad news, then, is that once the app is installed, it can gain full root access to the device without requesting permissions from the owner, but you’re not at risk if you stick to known apps installed directly from Google Play.
Qualcomm showed off its latest mobile processor, the Snapdragon 821, just last month. Back in June, Google revealed that it has paid security researchers almost half a million dollars for identifying vulnerabilities in the platform.