Four newly discovered vulnerabilities found in Android phones and tablets that run on Qualcomm chip may allow bad actors (attackers) to take total control of your device. This according to ZDNet affects over 900 million Android devices. This comes a little over a month ago when an Israeli researcher was able to extract encryption keys from Qualcomm powered Android devices based on two vulnerabilities involving CVE-2015-6639 andCVE-2016-2431which Google and Qualcomm have both claimed to have been fixed with the first in January and the other in May and have made payout to the researcher in their bug bounty program.
The attacker could use these vulnerabilities known as Quadrooter by deceiving unsuspecting users to install a malicious app. These apps according to ZDNet don’t even require special permissions which we are used to and this makes this threat special because it makes installation as easy as possible to a user. Upon gaining access to the victim’s device, the attacker can gains control of the entire device and will give them access to your information including hardware components like microphone and camera.
A patch is coming according to ZDNet. It says security firm Check Point said most phone makers have devices that are vulnerable.
Google’s Nexus 5X, Nexus 6, and Nexus 6P, HTC’s One M9 and HTC 10, and Samsung’s Galaxy S7 and S7 Edge are some of those named vulnerable to one or more of the flaws.
The recently-announced BlackBerry DTEK50, which the company touts as the “most secure Android smartphone”, is also vulnerable to one of the flaws.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
