Skip to main content

Quadrooter flaws leave 900M Android devices vulnerable to rogue app gaining total control

Four separate vulnerabilities in Qualcomm chips – used in 80% of Android devices – could allow a rogue app to provide an attacker with complete control of the unit, including camera and microphone.

The combined flaws, dubbed Quadrooter, were discovered by CheckPoint researcher Adam Donenfeld, and presented yesterday at the Def Con 24 hacking conference …

We decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems.

ZDNet notes the ‘good news, bad news’ here.

An attacker would have to trick a user into installing a malicious app, which unlike some malware wouldn’t require any special permissions.

The bad news, then, is that once the app is installed, it can gain full root access to the device without requesting permissions from the owner, but you’re not at risk if you stick to known apps installed directly from Google Play.

Qualcomm showed off its latest mobile processor, the Snapdragon 821, just last month. Back in June, Google revealed that it has paid security researchers almost half a million dollars for identifying vulnerabilities in the platform.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel