A new Android flaw has been reported by security researchers that is claimed to affect roughly 900 million Android devices. Check Point mobile research team first reported the issue and claims that it affects all devices using Qualcomm chipsets.
Found in devices running Qualcomm processors, QuadRooter includes four vulnerabilities, any of which can be used by hackers to take control of a smartphone. "If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio," says Check Point in a blog post.
Hackers can trigger any of these four vulnerabilities using a malicious app. "Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing," adds the post.
However, there is no evidence of the vulnerabilities currently being used in attacks by cyber thieves.
"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head of mobility product management at Checkpoint.
"It's always a race as to who finds the bug first, whether it's the good guys or the bad."
Checkpoint has created a free app called QuadRooter Scanner that can be used to check if a phone is vulnerable to any of the bugs, by looking to see if the patches for them have been downloaded and installed.
Check Point also recommended users to download and install the latest Android updates as soon as they become available, avoid side-loading apk files, read app permission requests carefully while installing apps and more.