Security vulnerabilities found in software is nothing new, but with Android’s market share going from strength to strength, every such flaw in the world’s largest computation platform leaves millions of users potentially vulnerable to cybercrime unless these are patched up before they become an issue. The latest set of security vulnerabilities found in Android are said to affect as many as 900 million devices worldwide. According to reports, the four new exploits, dubbed ‘Quadrooter’, were discovered by security researchers at cyber security firm, Check Point, and were detailed at the Def Con security conference on Sunday by Mr. Adam Donenfeld, the company’s chief of mobile security.
According to Mr. Donenfeld, the vulnerabilities can be used by hackers to gain root access on Android devices remotely, which would then give them complete access to all the data in the compromised systems. Not only that, they will also be able to gain full control of hardware components on such systems, including cameras and microphones. All a cybercriminal apparently needs to do to take over an unsuspecting user’s device remotely, is to trick them into installing just a single malicious app that won’t even require any special permission at the time of installation. The issue is said to affect only devices that ship with Qualcomm chips, but the San Diego-based chipmaker has claimed that it has fixed all the four flaws already. Google, for its part, says that it too, has fixed up three of the four reported flaws as part of its August security update. The fourth and final flaw will be patched up in the next security bulletin released by the company.
Even as Qualcomm and Google have largely done their bits, it remains to be seen how long the vendors take to patch up their devices, and if any device beyond their flagships will even get the patches in the first place. Some of the more recent smartphones said to be affected by the vulnerabilities, include Google’s own Nexus 6P, Nexus 5X and the Nexus 6. Other affected devices include the HTC One M9 and the HTC 10. Samsung’s Galaxy S7 and S7 Edge are also said to be affected by the vulnerabilities. What’s interesting is that the BlackBerry DTEK50, which was recently unveiled by the Canadian firm as the world’s most secured smartphone, is also said to be vulnerable to one of the four flaws.