Tuesday, August 9, 2016

900 million Android-devices under threat because of the four “holes” in the Qualcomm processors – CNews.ru

Vulnerabilities in products Qualcomm

Qualcomm products contains four vulnerabilities, all of which allows you to get the operating system administrator access device. Researchers at Check Point Software Technologies was given the name of the whole group of vulnerabilities QuadRooter

Qualcomm -. The most popular manufacturer of chipsets for smartphones and tablets. According to ABI Research, in 2015 the company took 65% LTE-chipset worldwide market.

Reach Devices

QuadRooter found in Samsung Galaxy S7 and S7 Edge, LG G4, LG G5 and LG V10, Motorola Moto X, Sony Xperia Z Ultra, Nexus 5X, Nexus 6 and Nexus 6P, HTC one, HTC M9 and HTC 10, OnePlus one, OnePlus 2 and OnePlus 3, BlackBerry Priv, as well as smartphones Blackphone 1 and Blackphone 2 with enhanced protection and others. All these smartphones are equipped with chipsets Qualcomm’s, which can be cracked.

A total of QuadRooter, according to Check Point research, affects more than 900 million devices.

The hard way to eliminate vulnerabilities

The vulnerabilities are contained in the drivers, which are supplied together with the chipset Qualcomm. These chipsets are designed to control and interaction of various components. Drivers are integrated device manufacturers in devices firmware.

Qualcomm already eliminated the vulnerability on its part

Thus, the only way to eliminate the vulnerability – to obtain relevant upgrade from Qualcomm and distribute them among the owners of the devices. Make it could only manufacturers of smartphones and tablets, and operators who are engaged in distribution.

What allows vulnerability

When using QuadRooter attackers can gain complete access to personal According to the user on the device, which were not encrypted, can install a keylogger (keyboard reader), to track the current location of the owner, include a camera and a microphone.

The current situation

Researchers from Check Point at the beginning of 2016 gave all the information about the vulnerabilities, the company Qualcomm. That, in turn, has corrected all four vulnerabilities with his hand and gave an update device manufacturers and mobile operators. However, it is unclear which of them has already distributed updates.

Google spokesman told the newspaper Financial Times, that users install the latest version of Android with all updates, protected against three of the four QuadRooter vulnerabilities. The latest “patch” is scheduled to release in the near future. He did not specify which devices in question.


No comments:

Post a Comment