A high risk flaw has been found in Qualcomm chipsets and is now said to be affecting over 900 million Android based phones. It was revealed at the annual security conference, DEF Con 2016, which was held in Las Vegas, USA, yesterday.
The vulnerability, identified as QuadRooter, can be used by hackers to gain control of the victim’s device and has been tagged as “high risk” vulnerability.
“If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio,” wrote Check Point, the website which reported the issue first time, on its blog.
To trigger any of the four vulnerabilities, hackers will make you download a malicious app which would require no special permissions and access both hardware and software information of your smartphone.
As per reports, QuadRoot can affect four modules of the Android system namely IPC Router (inter-process communication), Ashmen (Android kernel shared memory feature), Kgsl (kernel graphics support layer) and Kgsl_sync (kernel graphics support layer sync). Essentially, the vulnerability affects smartphone drivers controlling inter-chipset communication.
Reportedly, the flaw in Qualcomm chipsets can only be fixed by OEMs through a software patch. So it is advisable to download any updates from the OEMs as soon as possible as it may contain the required security patch.
This is not the first time that something like this has come. Earlier this year, a similar situation was revealed where several Qualcomm processor running Android devices were at risk.
As of now, the latest vulnerability QuadRoot can affect latest smartphones like Samsung Galaxy S7, Galaxy S7 Edge , OnePlus 3, Google Nexus 5X, Nexus 6, Nexus 6P, LG G4, LG G5 , LG V10, OnePlus One, OnePlus 2, OnePlus 3 etc.