Check Point today disclosed details about a set of four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm® chipsets. The Check Point mobile threat research team, which calls the set of vulnerabilities QuadRooter, presented its findings in a session at DEF CON 24 in Las Vegas.

What is QuadRooter?
QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.


Some of the latest and most popular Android devices found on the market today use these chipsets, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra


How are Android devices exposed to this vulnerability?
An attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.


What Android devices are at risk?
QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets. Any Android device built using these chipsets is at risk. The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices.

Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.

This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.


How can I protect employees’ devices from attacks using these vulnerabilities?
Without an advanced mobile threat detection and mitigation solution on the Android device, there is little chance a user would suspect any malicious behavior has taken place.

What are the risks if an attacker exploits the vulnerability on a device?
If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.

How can my employees protect their personal devices from QuadRooter?
Check Point continues to recommend that organizations encourage employees to follow these best practices to help keep Android devices safe from attacks:

  • Download and install the latest Android updates as soon as they become available. These include important security updates that help keep your device and data protected.
  • Understand the risks of rooting your device – either intentionally or as a result of an attack.
  • Examine carefully any app installation request before accepting it to make sure it’s legitimate.
  • Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources. Instead, practice good app hygiene by downloading apps only from Google Play.
  • Read permission requests carefully when installing any apps. Be wary of apps that ask for permissions that seem unusual or unnecessary or that use large amounts of data or battery life.
  • Use known, trusted Wi-Fi networks or, while traveling, use only those that you can verify are provided by a trustworthy source.
  • End users and enterprises should consider using mobile security solutions designed to detect suspicious behavior on a device, including malware that could be obfuscated within installed apps.

For users who use their personal Android devices for work purposes, Check Point also recommends the following considerations:

  • Enterprises should deploy a mobile security solution that detects and stops advanced mobile threats.
  • Contact your mobility, IT, or security team for more information about how it secures managed devices.
  • Use a personal mobile security solution that monitors your device for any malicious behavior.

Where can I learn more about QuadRooter?
The Check Point mobile threat research team has compiled a report that includes a detailed analysis of each vulnerability and how attackers can exploit these on Android devices. Also available is a free QuadRooter scanner app on Google Play, which can tell you if these vulnerabilities exist on your device.


  1. Michael Westcott says:

    It would be more useful to say which Qualcomm SoCs are potentially affected by this bug instead of just listing devices…

  2. I’ve just spoken to my phone provider EE about this and they say they are not aware of the problem and that I’m the only call they’ve had today about it. I read out the article from the BBC website to them. I also downloaded the app to scan for this as advised. It says I have all four viruses. EE said they’ve no update to give me as they have not received any security virus threats. I’m confused.

  3. “Also available is a free QuadRooter scanner app on Google Play”

    I’d specify the name of the app; I can easily see an app exploiting QuadRooter masquerading as a scanner app.

  4. Petteri Järvinen says:

    Samsung S6 and S7 sold in Europe (at least in Finland) seem to be fine, because they use an Exynos chip.

  5. Good news for people who want to root their phones!

    I don’t think anyone in history has been affected by a hacker on their phone outside of celebrity iPhones.

  6. BlackBerry said that their Android devices (Priv and DTEK50) cannot be rooted, because they use hardware Root of Trust for all their devices. So although the Priv used a Qualcomm chipset, it cannot be rooted or affected by this error.

  7. Just tested on my S7 Edge – zero vuln’s. Happy to send a screenshot if you give an address. Also tested on a new BlackBerry DTEK50 – only vuln to CVE-2016-5340.

    • You probably tested the Exynos variant of the S7 (this only affects Qualcomm).
      As for the rebranded Alcatel Idol 4, good to know BlackBerry is keeping up with the Nexus Security Bulletins — props to them.

  8. Akhilesh Singh says:

    The article here is good and would obviously help users to keep track of the malware which might affect their mobiles. But I am a little bit confused about QuadRooter malware: is the user completely dependent upon the new patches, or is there anything else which the user can perform to safeguard their mobile phones from such viruses or malware attacks?

  9. I am a user of 1+3, I was under the impression that Android based security was sufficient. Earlier when I was using a Sony device, I had installed AVAST security. Now reading into this article, I am convinced that I need a Third Party security solution till Android comes up with a security patch in tandem with Qualcomm, completely air-tighting the above vulnerability. Can someone suggest a security solution available on the Google Play to counter the above vulnerability? Tks.

  10. Why doesn’t your application, QuadRooter Scanner, have valid checks for CVE-2016-5340 and 2053? Before the latest update on the Play Store, the check was based on whether or not you have a Qualcomm chipset and kernel version, and now you don’t check them at all.

    Are you planning to implement valid checks?

  11. I’ve been surfing online greater than 3 hours nowadays, yet I never discovered any interesting article like yours. It is pretty value sufficient for me. In my opinion, if all site owners and bloggers made good content material as you probably did, the web shall be a lot more useful than ever before.


  12. I downloaded the QuadRooter tool from the Google Play Store and unfortunately my device, which is a Samsung Galaxy J5 (2016), is vulnerable.

    I use Malwarebytes for Android as my security software and hope that will be sufficient. It’s free from the Play Store and includes real time protection.

    How long it’ll take Samsung to fix the problem is anybody’s guess.

  13. Awesome work!

    I’ve been able to reproduce the list corruption and can confirm that I am overwriting the free msm_port_ptr object. However, I am unable to trigger the use of this object.

    I have been trying to close a client port to invoke post_control_ports(). However, my phone always makes it past the close, and dies later on when I try to do the race again. Did you have to do anything more than just close a client port to cause the kernel to use the overwritten data?

