Hulu Updated Its Terms of Use And Privacy Policies
FBI Director Calls For A National Discussion About Encryption Versus Safety. What Next

Security Flaws Place 900 Million Android Phones And Tablets At Risk

Researchers have found a security flaws that could place as many as 900 million Android operating system (OS) phones and tablets at risk. The four vulnerabilities, called "Quadrooter," allows attackers to take complete control of phones which use the Qualcomm chip. Which phones are affected? C/Net reported:

"Google's own branded Nexus 5X, Nexus 6, and Nexus 6P devices are affected, as are Samsung's Galaxy S7 and S7 Edge, to name just a few of the models in question. The recently-announced BlackBerry DTEK50, which the company touts as the "most secure Android smartphone," is also vulnerable to one of the flaws."

Researchers at Check Point discovered the security flaws. The Check Point blog explained:

"QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device... Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm..."

The Check Point blog listed affected phones and tablets. It also emphasized:

"This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data."

Wow! There it is in writing for all to read. And we know from prior reports that manufacturers and wireless carriers don't provide OS updates for all Android phones.

Reportedly, Google said the security patch will be available in September.

We've been here before. Google needs to fix its Android security model. If it doesn't (or can't), that may make consumers doubt the reliability and trustworthiness of Google driverless cars.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)