Site icon Check Point Blog

The QuadRooter Domino Effect

Component suppliers, Android device manufacturers and developers all test their products rigorously. Even still, vulnerabilities — both in hardware and software — can be found on the smartphones and tablets we trust with our sensitive data.

Until a patch for a vulnerability is installed, an affected device is exposed. That’s why fixing vulnerabilities like QuadRooter requires the cooperation of everyone in the Android ecosystem including researchers, suppliers, Google, device manufacturers, and carriers.

Check Point is committed to working with stakeholders throughout the industry to ensure users and enterprises are protected from advanced threats. Our team will continue working closely with suppliers, Google, device manufacturers, and carriers to identify vulnerabilities and to notify the Android ecosystem responsibly.

QuadRooter Scanner app for Android

Our QuadRooter scanner app uses code analysis of potential exploit techniques to detect CVE-2016-2504 and CVE-2016-2059 accurately without any effect the user’s device. But for CVE-2016-2503 and CVE-2016-5340, the only way to test if a device is vulnerable is by executing a partial exploit that could cause a device to crash and reboot, a situation Check Point considered unacceptable.

Instead, the scanner app queried the device for the most recently installed Android security update and:

As out-of-band security patches are made available and installed on affected devices before the July or September Android security updates, this detection method for CVE-2016-2503 and CVE-2016-5340 could return false positive results.

Working closely with the Qualcomm Product Security Team, Check Point made updates to the scanner app that more accurately reflect any QuadRooter risk to a user’s device. It now alerts users if a device is affected by CVE-2504 and CVE-2059, and provides additional information about CVE-2016-2503 and CVE-2016-5340.

Exit mobile version