Check Point certainly got everyone’s attention yesterday when they disclosed details of QuadRooter vulnerability at DEF CON 24 in Las Vegas.

So, here’s everything you need to know about what QuadRooter vulnerability is, which devices are affected, how it operates and what you need to do now.

THE IMPORTANCE OF OPEN SOURCE SECURITY Download

Whitepaper

What is QuadRooter Vulnerability?

QuadRooter is a set of 4 new vulnerabilities allowing an attacker to gain root access to an Android device. QuadRooter affects different modules of the Android system: -

IPC Router - Provides inter-process communication for various hardware drivers, user mode processes and components.

Provides inter-process communication for various hardware drivers, user mode processes and components. kgls_sync - Synchronizes the CPU and apps.

Synchronizes the CPU and apps. Ashmem - Android’s propriety memory allocation subsystem. It enables processes to share memory buffers efficiently.

- Android’s propriety memory allocation subsystem. It enables processes to share memory buffers efficiently. kgsl - Qualcomm’s kernel driver. It renders graphics by communicating with user-mode binaries

QuadRooter affects all Android phones and tablets which use Qualcomm chipsets. That’s around 900 million devices.

Some of the affected devices include, Samsung Galaxy S7 and Samsung S7 Edge, Sony Xperia Z Ultra, Google Nexus 5X, Nexus 6 and Nexus 6P and even the BlackBerry Priv, whose manufacturers boast is the world’s most secure Android.

How does QuadRooter Vulnerabilty Affect You?

In order for an attacker to gain access to a device, the user needs to first install a malicious app. Yet unlike other malware, this app requires no special permissions, removing any suspicions users may have before installing.

Once the malware is installed, the app can gain full root access to the Android device by exploiting any of the four vulnerabilities. Therefore, all system contents and controls (including sensitive data, microphone, GPS and system changes) can be accessed by the attacker.

QuadRooter Vulnerabilty Information and Patches

The NVD have released details of the vulnerabilities, and their CVEs are CVE-2016-2059, CVE-2016-2504, CVE-2016-2503 and CVE-2016-5340.

The vulnerabilities’ CVSS severity scores are all 7.8, meaning these are vulnerabilities where remediation is a real priority.

Thankfully, Checkpoint notified Qualcomm of the vulnerabilities between February and April 2016, allowing Qualcomm to provide Google with patches for all flaws between April and July 2016.

Subsequently, three of the flaws were fixed by Google’s August security updates, yet one didn’t make the cut as it wasn’t dispatched in time. This patch is due for release in Google’s September update.

There was a delay in issuing the fourth patch as phone manufacturers take Android open source code from Qualcomm, instead of directly from Google. Therefore, there's confusion about who fixes what between the two companies. This highlights the challenges of issuing timely updates for an open source operating system.

WHY ADOPT A SAAS SECURITY SOLUTION? Download

Whitepaper

Challenge of Updating an Open Source Operating System

As Android is open source, phone manufacturers routinely modify Android’s code base to customize their hardware and gain competitive advantage. These manufacturers are then responsible for updating their own devices with the latest software, but many don’t do it in a timely fashion.

Unsurprisingly, manufacturers who control both software and hardware are able to ship patches and updates more easily than those who don’t. We just need to look at the stats. 7.5% of Android devices are running its latest version, compared to 86% of Apple devices running the latest iOS version.