With google making Android a buzz for everyone, and the OS being now spread over all over the world. This is the reason Serious security flaws that could literally give attackers complete access to a phone’s data have been recently found in software used on tens of millions of Android devices. The bugs were found by Checkpoint researchers looking at software running on chip-sets made by US firm Qualcomm. Processors made by Qualcomm are found in almost 900 million Android phones, all over the World, the company stated.
However, there is no direct evidence yet, of the vulnerabilities currently being used in attacks by cyber thieves. “I’m pretty sure you will see these vulnerabilities being used in the next three to four months,” said Michael Shaulov, head of mobility product management at Checkpoint. It has always been a cat and mouse chase between the good guys and the bad guys, as to who finds the bug first.
List of affected devices include BlackBerry Priv and Dtek50, Blackphone 1 and 2, Google Nexus 5X, Nexus 6 and Nexus 6P, HTC One, HTC M9 and HTC 10, LG G4, G5 and V10, Moto X, OnePlus One, OnePlus 2 and OnePlus 3, US versions of Samsung Galaxy S7 and S7 Edge, Sony Xperia Z Ultra. Mr Shaulov said six months of work to reverse engineer Qualcomm’s code revealed the problems. The flaws were basically found in the software that handles graphics and also in code that controls communication between different processes running inside a phone. Exploiting the bugs would allow an attacker to gradually be able to take more and more control over the device and gain access to data.
Checkpoint handed information regarding the bugs and proof of concept code to Qualcomm recently. In response , Qualcomm is believed to have created patches for the bugs and started using the fixed versions in its factories. Checkpoint has also created an app called QuadRooter Scanner that can be used to check if a phone is vulnerable to any bugs, by looking to see if the patches for them have been downloaded and installed, and the best part about the app is, its FREE.
In addition, Mr Shaulov said Android owners should only download apps from the official Google Play store to avoid falling victim to malicious programs. Mr Shaulov also stated ” People should call whosoever sold them their phone, their operator or the manufacturer, and beg them for the patches,” really? Beg?. Maybe you should beg, in order to make sure that your data is secure and your phone is not vulnerable to any cyber thief. This is it for now, stay tuned for further updates on the story.