sb-as logo
Story image

Check Point uncovers new vulnerabilities affecting millions of devices

Mobile researchers from Check Point Software have found four new vulnerabilities affecting over 900 million Android smartphones and tablets.

Check Point lead mobile security researcher, Adam Donenfeld, recently revealed the vulnerabilities affecting Android devices built using the Qualcomm chipsets.

Qualcomm is the world’s leading designer of LTE chipsets, with a 65% share of the LTE modem baseband market in the Android ecosystem.

According to Check Point, the set of vulnerabilities are called ‘QuadRooter’. If exploited, the vulnerabilities give attacker complete control of devices. The software company says they could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.

Check Point says the vulnerabilities are found in the software drivers Qualcomm ships with its chipsets. The estimated 900 million affected devices include these models:

  • Samsung Galaxy S7 & S7 Edge
  • Sony Xperia Z Ultra
  • Google Nexus 5X, 6 & 6P
  • HTC One M9 & HTC 10
  • LG G4, G5 & V10
  • Motorola Moto X
  • OnePlus One, 2 & 3
  • BlackBerry Priv
  • Blackphone 1 & 2

Michael Shaulov, head of head of mobility product management for Check Point says vulnerabilities like QuadRooter bring into focus the unique challenge of securing Android devices, and the data they hold. 

“The supply chain is complex, which means every patch must be added to and tested on Android builds for each unique device model affected by the flaws,” says Shaulov.

“This process can take months, leaving devices vulnerable in the interim, and users are often not made aware of the risks to their data. The Android security update process is broken and needs to be fixed.”

Check Point has created a free QuadRooter scanner app that's available from Google Play. The app enables Android users to find out if their device is vulnerable, and prompts them to download patches for the problem.  

Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
Advanced threat actors engaged in cyberespionage up their game
"This recent activity signals a major leap in their abilities."More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More
Story image
ABB and Nozomi Networks extend collaboration, deliver improved OT security solutions
"With Nozomi Networks solutions added to our cybersecurity portfolio, our customers gain proven network monitoring and threat detection technology."More
Story image
Fujitsu, Trend Micro team up to secure private 5G
"We believe that this security solution represents a key technology for applying private 5G to mission-critical areas."More