Security News

The truth behind QuadRooter

Deborah Salmi, Nov 30, 2016 2:49:29 PM

Headlines scream that a new Android vulnerability could expose 900 million devices. Find out the truth about QuadRooter, and what you can do to protect yourself.

quadrooter affects 900 million android devices

What is QuadRooter?

Last week, headlines blared that 900 million Android smartphones and tablets were at risk for newly discovered vulnerabilities dubbed QuadRooter. Researchers at Check Point said that four vulnerabilities affect Android devices built using Qualcomm chipsets.

“If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device,” Check Point wrote in a blog post.

“Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.”

Is my Android phone affected by QuadRooter?

Most likely. Some of the most popular Android devices are affected: Google Nexus 5X, 6 and 6P, Samsung Galaxy S7 and S7 Edge, Sony Xperia Z Ultra, HTC One M9 and HTC 10, LG G4, G5 and V10, to list a few.

Check Point created an app that tells you if your device is affected. Download the QuadRooter Scanner for free from Google Play.

What is being done to fix QuadRooter?

From April to July, Qualcomm developed and released patches for all four vulnerabilities and provided them to their customers, partners and the open source community of developers.

Google says that three of the four issues are already patched in their Nexus devices, while the fourth will be patched in the next security update.

“Nexus devices already have protections for 3 of the 4 issues. We are currently working on an update to Nexus devices to fix the remaining issue (CVE-2016-5340). Patches for all supported Nexus devices will be delivered over the air by early September," wrote a representative of Google's mobile divisions in an email to Avast mobile security researcher, Filip Chytrý.

"For the broader Android ecosystem, all Android devices with a patch string of Sept 6, 2016 (or greater) must include these fixes. In addition, we are updating Google Play, Verify Apps, and Safety Net to provide users with another layer of protection. Exploitation of these issues depends on users downloading and installing a malicious application. So far, we have seen no evidence of exploitation of these issues.”

Do I need to be worried about QuadRooter and my own security?

The fragmentation of the Android operating system means that users will get patches at different times, based on when the device manufacturers and mobile operators push them out.

“So, technically, yes, you should worry”, says Chytrý. “It’s not possible to push updates to all devices worldwide. There are too many versions which need to be fixed and it’s sure that they are not going to fix all of them.”

“The scariest thing about QuadRooter is it can pass the Google Play security service “bouncer“ so if you are hacker you can upload a new unknown app directly to Google Play to get root access of user devices. Then you can do whatever you want with those devices,” said Chytrý.

Is company data at risk from QuadRooter?

Mobile hackers use vulnerabilities that make enterprise devices especially vulnerable. Using the QuadRooter vulnerability, hackers can potentially take complete control of devices and have unrestricted access to sensitive personal and enterprise data on them.

Having virtual mobile infrastructure in place will protect corporate apps and data stored on personal BYOD mobile devices.

“Even if a user had a device that was compromised by QuadRooter, the virtualized version of Android would continue to operate unaffected by the attack, and the customer’s applications and data would remain secure because they were being run and stored on a remote server outside the device,” wrote Pablo Sole on the Avast Virtual Mobile Platform blog.

Learn what Avast Virtual Mobile Platform can do for your company.

Does Avast Mobile Security protect me from QuadRooter?

Yes, Avast Mobile Security can detect new apps using this vulnerability.

Install Avast Mobile Security from Google Play Store

Is there anything I need to do to keep my phone protected from QuadRooter?

  • Apply all updates to your mobile devices when they come in.
  • Make sure you have Avast Mobile Security installed, and schedule Smart Scans regularly. Smart Scan scans your installed apps and the contents of your memory card. If there are any security risks, Avast Mobile Security will inform you.
  • Protect yourself by not installing any application - no matter from which source. We know that advice is not realistic, so if you do install a new app, do it from a known source like the Google Play Store. Just realize that even with all the built-in protections, it is still not 100% secure.