Four newly discovered vulnerabilities found in Android phones and tablets that run on Qualcomm chip may allow bad actors (attackers) to take total control of your device. This according to ZDNet affects over 900 million Android devices. This comes a little over a month ago when an Israeli researcher was able to extract encryption keys from Qualcomm powered Android devices based on two vulnerabilities involving CVE-2015-6639 and CVE-2016-2431which Google and Qualcomm have both claimed to have been fixed with the first in January and the other in May and have made payout to the researcher in their bug bounty program.
The attacker could use these vulnerabilities known as Quadrooter by deceiving unsuspecting users to install a malicious app. These apps according to ZDNet don’t even require special permissions which we are used to and this makes this threat special because it makes installation as easy as possible to a user. Upon gaining access to the victim’s device, the attacker can gains control of the entire device and will give them access to your information including hardware components like microphone and camera.
A patch is coming according to ZDNet. It says security firm Check Point said most phone makers have devices that are vulnerable.
Google’s Nexus 5X, Nexus 6, and Nexus 6P, HTC’s One M9 and HTC 10, and Samsung’s Galaxy S7 and S7 Edge are some of those named vulnerable to one or more of the flaws.
The recently-announced BlackBerry DTEK50, which the company touts as the “most secure Android smartphone”, is also vulnerable to one of the flaws.
You can read the full report on ZDNet here