New Android Vulnerability Discovered, Affects 900 Million+ Smartphones

Four new bugs discovered on over 900 million Android phones could put the devices at risk.

The bugs were uncovered by Check Point, a security company who released a blog post detailing the vulnerability on August 8.

“QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets,” Check Point’s Adam Donenfeld wrote.

While the bugs could give attackers root access to the device, there’s no evidence of QuadRooter being used in attacks as of yet, according to the BBC.

Root access would allow an attacker full control of a device, including its data and hardware such as its camera and microphone, according to CNET.

For an attacker to gain access to a phone, they would have to get the user to download a malicious app — an attack that wouldn’t require any special administrative permissions, CNET reported.

Check Point released a list of devices that use Qualcomm chipsets that could have the vulnerability. They include:

• BlackBerry Priv
• Blackphone 1 and Blackphone 2
• Google Nexus 5X, Nexus 6 and Nexus 6P
• HTC One, HTC M9 and HTC 10
• LG G4, LG G5 and LG V10
• Motorola Moto X
• OnePlus One, OnePlus 2 and OnePlus 3
• Samsung Galaxy S7 and S7 Edge
• Sony Xperia Z Ultra

The security company also noted that since the chipset drivers are preinstalled on these devices, they can only be fixed with a patch from the phone’s distributor or carrier — who must first receive updated drivers patches from Qualcomm.

For those worried about attacks, Check Point has developed a free app called QuadRooter Scanner that can be used to determine if your phone is vulnerable to the bugs.

Google has said that a security patch that would fix one of the four flaws would not be available until September, CNET reported