Qualcomm aware of ‘QuadRooter’ since February; Sony Mobile, BlackBerry release statements

Yesterday it was reported that over 900 million Android devices running Qualcomm chipsets[1] were at risk because of a potentially serious security flaw.

However, it seems that Qualcomm has been aware of this for months, and has been on the case as well.

Cyber-security company Check Point said that the “QuadRooter” risk is “a set of four vulnerabilities that gives attackers complete control of your Android” device.

In response to queries from Khaleej Times, Qualcomm provided the following statement:

“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc (QTI). We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July. The patches were also posted on CodeAurora.

QTI continues to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities.”

The San Diego, California-headquartered telecommunications equipment maker also provided the CodeAurora links containing the information, which you can read here[2], here[3] and here[4] (though it just might be a bit too geeky for most of us).

Meanwhile, Sony Mobile also responded to Khaleej Times’ request for comment on the QuadRooter issue.

“Sony Mobile takes the security and privacy of customer data very seriously. We are aware of the ‘Quadrooter’ vulnerability and are working to make the security patches available within normal and regular software maintenance, both directly to open-market devices and via our carrier partners, so timings can vary by region and/or operator. Consumers are recommended to continuously upgrade their phone software in order to optimise performance of their Xperia smartphone. Users can take steps to protect themselves by only downloading trusted applications from reputable application stores.”

UPDATE: BlackBerry has sent this statement to Khaleej Times regarding the matter, pledging immediate action:

“BlackBerry is aware of the Quadrooter flaws and the vulnerabilities that affect the majority of Android devices. A fix for BlackBerry’s Android devices was integrated and tested in our labs immediately after the report was received and we will expedite it to customers as soon as possible.”

“BlackBerry is not aware of any exploits for this vulnerability in the wild and does not believe that any customers are currently at risk from this issue. More importantly, this issue shows how ‘secure’ is not a target, it is a continuum. The complex nature of software makes it prone to exposures and vulnerabilities.

That means to achieve BlackBerry’s standard of being the most secure, we must practice and enable these tenets[5]: security by design; continual and fast security updates; and total control and visibility of your privacy and security.”

– alvin@khaleejtimes.com

References

  1. 900 million Android devices running Qualcomm chipsets (www.khaleejtimes.com)
  2. here (www.codeaurora.org)
  3. here (www.codeaurora.org)
  4. here (www.codeaurora.org)
  5. tenets (blogs.blackberry.com)

Are 900m Qualcomm-powered Android devices at risk?

Qualcomm’s processors power over 900 million Android devices globally, which would be a haven for hackers should a vulnerability be exposed and exploited.

Apparently, that could be the case, according to a not-so-inspiring report.

Cyber-security firm Check Point says that it has uncovered[1] a set of four vulnerabilities affecting almost a billion Android devices that use Qualcomm chipsets.

The company called the issue “QuadRooter”[2], which, according to them, is “a set of four vulnerabilities that gives attackers complete control of your Android smartphone or tablet”.

“These vulnerabilities are found on out-of-the-box devices and can only be fixed by installing patches when they become available,” the report added.

The company listed the following devices as among those that can potentially be compromised: BlackBerry Priv; Blackphone 1 and 2; Google Nexus 5X, Nexus 6 and Nexus 6P; HTC One, M9 and 10; LG G4, G5 and V10; the new Motorola Moto X; OnePlus One, 2 and 3; Samsung Galaxy S7 and S7 Edge; and Sony Xperia Z Ultra.

While there has been no proof so far that these vulnerabilities have been used for illegal means, it could happen “in the next three or four months”, Check Point head of mobility product management Michael Shaulov said in a BBC report.

In the UAE, the devices listed are available either from retailers, online or both.

However, latest figures from the Telecommunications Regulatory Authority (TRA) show that there might not be much of a concern here in the UAE.

The TRA report[3], released on August 7, revealed that in the first quarter of 2016, 68.9 per cent of handsets registered on the UAE’s networks were smartphones, with the iPhone 6 and iPhone 5 – which use ARM chipsets – being the most used at 4.48 per cent and 2.39 per cent, respectively.

The Samsung J100H/J1, which uses Spreadtrum, and the iPhone 6s were third (1.81 per cent) and fourth (1.69 per cent), respectively. The Nokia 108 feature phone was overall the second most-used phone at 2.92 per cent.

The report added that Samsung is the most widely-used brand in the UAE in the January-to-March period, boasting a 33 per cent share of all registered handsets. Nokia was second at 28 per cent, followed by Apple (14 per cent) and BlackBerry (two per cent).

However, no specific device breakdown was provided.

As of press time, the TRA was unreachable for comment.

Khaleej Times also sought statements from device manufacturers listed in the Check Point report.

BlackBerry says that its engineers in its headquarters in Canada are looking into the matter, while LG Gulf says it has not received any statement from its corporate offices in Seoul.

HTC, Samsung and Sony Mobile did not respond to requests either, while Qualcomm has yet to release a statement on the report.

Shaulov is just hopeful that those who would find the bugs first are the type who would squash them.

“It’s always a race as to who finds the bug first – whether it’s the good guys or the bad.”

– alvin@khaleejtimes.com

References

  1. uncovered (bit.ly)
  2. QuadRooter (bit.ly)
  3. TRA report (bit.ly)