Android bug fear in 900 million phones!

snips86x

snips86x

snips86x

Soldato
Joined
14 Nov 2012
Posts
17,973
Location
Chesterfield
Serious security flaws that could give attackers complete access to a phone's data have been found in software used on tens of millions of Android devices.

The bugs were uncovered by Checkpoint researchers looking at software running on chipsets made by US firm Qualcomm.
Qualcomm processors are found in about 900 million Android phones, the company said.

However, there is no evidence of the vulnerabilities currently being used in attacks by cyberthieves.

"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head of mobility product management at Checkpoint.

"It's always a race as to who finds the bug first, whether it's the good guys or the bad."

Affected devices included:

BlackBerry Priv and Dtek50
Blackphone 1 and Blackphone 2
Google Nexus 5X, Nexus 6 and Nexus 6P
HTC One, HTC M9 and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2 and OnePlus 3
US versions of the Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra
Click to expand...

http://www.bbc.co.uk/news/technology-37005226

This does not look good in the slightest...
 
Qualcomm have already released patches so it's now up to manufacturers to pull their fingers out of their backsides and get them pushed to the phones.
 
That's not good at all, I hope they release a patch asap. Edit, didn't realise a patch was out, as above they need to get this sorted out.
 
The August patches contains the fixes so it should be arriving soon... at least for manufacturers that stays on top of this. Phones not based on Qualcomm SoCs won't have this issue.
 
My LG G4 on the latest cyanogenmod 13 nightly is still vulnerable. Security patch dated 5 August 2016.

This will tell you if your device is vulnerable at all: https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter

Screenshot_20160808_194831.png
 
thebennyboy said:
My LG G4 on the latest cyanogenmod 13 nightly is still vulnerable. Security patch dated 5 August 2016.

This will tell you if your device is vulnerable at all: https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter

Loading…

s9.postimg.org
Click to expand...

Same here on my 6P currently on 5th July, but 2504 should be the one that's patched, how odd.

slipd said:
Right, should I be worried :(

https://s9.postimg.org/j7i4hc7gf/1322.png
Click to expand...

Well, Sony is not exactly known for speedy security updates :p.
 
So the samsungs s7s in the uk use the alternative chip, and thus are not affected.
A chip with root vulnerabilties, that must then be patched in software.
Smells awfully like a hardware backdoor that some naughty scamp has discovered.

Now wheres my tinfoil...
 
Yes it's important things like this get fixed, but press releases like this are just hyped-up advertising spots.

I swear some people would have a heart attack if every single vulnerability were disclosed with a big clickbait title and "news" article. Keep your device up to date and install security updates as they become available - chances are if somebody really wants your data they already have it anyway.
 
leaskovski said:
If you are on "Google Nexus 5X, Nexus 6 and Nexus 6P", I dont expect it to be an issue. The others... well good luck with that.
Click to expand...

This! The main reason why I stick to nexus devices :p

Got the august update on both my 5x and 7 2013 tablet 3 days ago.
 
Last edited:
kona786 said:
I'm yet to hear about anyone actually being caught out by these bugs and the ones before it.
Click to expand...
The exploits mostly go after soft targets so Middle-Asia areas where there isn't much / any oversight on app stores. They have to be found by the bad people too although these apps apparently speed the process up when they get reverse engineered etc...
 
You must log in or register to reply here.
Back
Top Bottom