Quadrooter, as the name suggests, is a set of four vulnerabilities affecting Android devices running on Qualcomm chipsets. So using any of these four vulnerabilities, an attacker can exploit a device by gaining root access to users’ phone. It is reported that over 900 million Android devices running on these Qualcomm chipsets. Qualcomm also launched the new Snapdragon 821 recently, which is upto 10 percent powerful than the 820.
Yes, that’s a lot of devices, and all these are affected by the ‘high’ risk privilege escalation vulnerabilities. With this, it would be easy for an attacker to trick the user into installing a malicious application. If any of these flaws are successfully exploited, then the attacker can gain root access. This would give a full access to the affected device to the attacker. This also includes all the Data, hardware like Microphone and camera.
Popular devices affected by this Vulnerability:
So as mentioned earlier, the devices running Qualcomm Chipsets are vulnerable to this attack. Google’s Nexus 5X, Nexus 6, and Nexus 6P, HTC’s One M9 and HTC 10, OnePlus One, OnePlus 2 and OnePlus 3, LG G4, LG G5, and LG V10, and Samsung’s Galaxy S7 and S7 Edge are some of those named vulnerable to one or more of the flaws. There will be more, but as of now, these are the confirmed ones. The recently launched Blackberry Dtek50, which the company claims to be the most secure Android smartphone in the world, is also vulnerable to this. According to a Qualcomm’s spokesperson, the chipmaker has fixed all of the flaws and had issued patches to customers, partners and also the open source community.
Also, most of these fixes have already gone into Android’s monthly set of security patches, which Google is rolling out early each month to its Nexus smartphone owners. So it is just about the time that other manufacturers also roll out those patches at the same time or in following days. It is expected that Google will be rolling out these fixes with the September security patch. So none of the devices will see a patch for this until next month. Note that, three out of four of these flaws have been fixed, but one is still outstanding, largely because the final patch wasn’t issued in time.
How to check
To check if your device is affected, you can download an application from the Play Store called the QuadRooter Scanner. It will scan your device and show the results as shown below. In our case, it shows all these vulnerabilities. This application also gives detailed information about the same. With that being said, we have to patiently wait for the September security patch from Google and then wait for the smartphone manufacturer to roll these patch out. Stay tuned for more info on this.