Home | Community | Message Board


This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: Bridgetown Botanicals CBD Concentrates   PhytoExtractum Kratom Powder for Sale   Kraken Kratom Red Vein Kratom   Unfolding Nature Unfolding Nature: Being in the Implicate Order

Jump to first unread post Pages: 1
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
QuadRooter Android bug could affect almost 1bn phones, researchers claim
    #23522257 - 08/08/16 03:32 PM (7 years, 5 months ago)

https://www.theguardian.com/technology/2016/aug/08/quadrooter-android-bug-phones-hackers-smartphone
Quote:


Security flaws that could give hackers complete access to a smartphone have been found in the processors of hundreds of millions of Android devices, researchers claim.
Computer security firm Check Point says that the bugs could affect up to 900m Android phones, including some made by BlackBerry, Google and LG among others.

The bugs are caused by vulnerabilities in the processor chips used by US firm Qualcomm in those phones , and allows an attacker to craft a malicious app which can do almost anything on the phone – a flaw called “privilege escalation”. However, there is no evidence that the issue has yet been used in the wild to attack real phones.

The firm has dubbed the flaws “QuadRooter”, because there are four interconnected flaws which can be used to gain access to the “root” of the phone, the most secure section of the operating system. An attacker with root access has full control over a device and can do anything from completely replacing the operating system to logging every single action on the phone and uploading everything to a third party.

According to Check Point, speaking at the Def Con hacking convention in Las Vegas, an app taking advantage of QuadRooter could “give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them”. The company named Google’s Nexus 5X, Nexus 6, and Nexus 6P, HTC’s One M9 and HTC 10, and Samsung’s Galaxy S7 and S7 Edge as some of the phones affected by the flaw.

Qualcomm said: “We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July.”
Just because manufacturers know of the bug and how to fix it, doesn’t mean consumers are safe: each individual manufacturer still has to create a specific fix for their model of phone, and in many cases individual mobile carriers then have to themselves agree to roll that fix out to their customers. As a result, Check Point suggested that the Android platform as a whole – which is open to dozens of different manufacturers and software developers – was part of the issue, with updates taking too long to pass through the system.

“This situation highlights the inherent risks in the Android security model,” the firm said. “Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.”

Last year, Google announced an initiative to solve these problems, confirming that their phones would be kept secure for at least three years after launch. The company’s own-brand Nexus smartphones have indeed received a fix for three of the four flaws identified by Check Point. The fourth fix missed out on the fix because the final patch wasn’t issued in time.

Check Point has encouraged users to keep their phone’s software up to date in order to keep it secure, and said it has also created a free app called QuadRooter Scanner, which can be used to check whether a user’s phone is at risk.

Unpatched users do still have some defence, however. A malicious app must be installed on their phone before it can take advantage of the vulnerability, and Google now explicitly vets apps uploaded to its own app store before publication to ensure they are safe to use. Some still slip through the cracks, however, and third-party app stores, particularly popular in China where the official Google Play Store isn’t available, may not have such protections.
The vulnerability is the most widespread seen in the Android platform since 2015’s Stagefright bug, which affected the operating system’s media handling technology. That bug affected the vast majority of Android phones, even after the security researcher who discovered it gave manufacturers 90 days advance warning to fix the problems before going public.

The embarrassing lag between learning of the problem and issuing a fix led some manufacturers, including Google and Samsung, to promise a radical overhaul in how they handle security fixes for top-tier phones. But the vast majority of Android phones aren’t the luxury models covered by such promises, and it remains unclear whether such mid-market devices will ever see fixes for flaws like QuadRooter.




Extras: Filter Print Post Top
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Re: QuadRooter Android bug could affect almost 1bn phones, researchers claim [Re: tdubz]
    #23522261 - 08/08/16 03:34 PM (7 years, 5 months ago)

Patch your phone...if you own a lower end model then you would need to root your phone to have the latest security updates as companies usually only push OTA (over the air) to the newest models.


Extras: Filter Print Post Top
Jump to top Pages: 1

Shop: Bridgetown Botanicals CBD Concentrates   PhytoExtractum Kratom Powder for Sale   Kraken Kratom Red Vein Kratom   Unfolding Nature Unfolding Nature: Being in the Implicate Order


Similar ThreadsPosterViewsRepliesLast post
* Microsoft Issues Patch For Critical Bugs In Last Month's Patch For Critical Bugs DiploidM 901 3 08/24/06 07:19 PM
by RRRR
* Study: Cell Phone Towers Do Not Affect Health DiploidM 511 0 07/26/07 06:08 PM
by Diploid
* Bugs Could Be Key to Kicking Oil Addiction RandalFlagg 913 3 02/13/06 10:12 PM
by Jim
* The Definitive Study: Mobile Phones Do Not Cause Cancer DiploidM 836 3 12/06/06 06:27 AM
by Diploid
* The "Super-phone" RandalFlagg 1,659 16 01/01/06 06:19 PM
by RandalFlagg
* My phone open for listeners? Fliquid 1,321 9 02/21/05 11:53 PM
by chocbruce
* Can anyone recommend a good cell phone? NickSoapdish 1,545 9 04/15/06 11:16 AM
by browndustin
* computer speakers+head phones q. mez 1,116 6 06/28/03 01:45 AM
by shroomsi8

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
228 topic views. 0 members, 0 guests and 2 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.018 seconds spending 0.006 seconds on 14 queries.