New Vulnerabilities Found Affecting Millions of Android Devices

ShockedUpsetNerdSmartphone

New Stagefright Vulnerability Found, Millions of Android Devices Affected.

There have been tremendous developments in the mobile phone technology over the last decade.

Unfortunately, these developments are often accompanied by growing incidences of cybercrime.

Today, numerous high-profile breaches as a result of malware and other sophisticated cyber-attacks are documented every year.

Android devices are not immune to these breaches. Certain inherent vulnerabilities make these cyber-attacks very possible.

The problem with Android devices is that their vulnerabilities are quite difficult to handle.

There are three main reasons why they are difficult to fix; there are very many Android device models, different versions of operating systems and the presence of specific software modifications.

A research team from Check Point Software Technologies recently documented four vulnerabilities that they discovered were affecting more than 900 million Android mobile phones and tablets.

Here is a comprehensive and detailed account of these vulnerabilities as well as the ramifications for cyber security due to the same.

THE VULNERABILITIES

Qualcomm-Android-devices

Quadrooter Vulnerability Affects Android Devices, Check If You Are Infected

The set of four vulnerabilities discovered by Check Point is referred to as QuadRooter.

It primarily affects the Android devices that are built on Qualcomm chipsets.

Qualcomm is a company that designs LTE chipsets and happens to be an industry leader boasting of a 65 % share of the market for LTE modem baseband.

The bad news is that skilled cyber criminals can exploit any one of these four vulnerabilities.

The criminals could be able to gain root access to the Android devices and also activate privilege escalations.

Rooting is a practice that allows administrative control of a mobile device.

Rooting can allow apps to execute privileged commands that are not often accessible on devices that have been configured from the factory.

Once an attacker has control over these commands, they can use them to complete a number of operations including but not limited to adding or deleting apps, removing or altering files at the system level as well as gaining access to the hardware on the devices such as the microphone, cameras, touchscreens and other sensors.

A cyber attacker can be able to exploit these vulnerabilities by employing malicious apps.

Such apps require no special permission. This means that many smartphone users will not suspect anything when they are installing the apps.

The main location of the vulnerabilities is in the software drivers contained in the Qualcomm chipsets.

The primary function of these drivers is to control communication between the different components of the chipsets.

Problems arise when they are incorporated into the Android builds developed by the manufacturers of the mobile devices.

These drivers are pre-installed on the devices during the manufacturing process and can only be fixed by patches issued by the carriers or distributors.

Qualcomm was provided with the information about the vulnerabilities by the research team from Check Point in April this year.

According to Check Point, Qualcomm classified these vulnerabilities as high risk and provided patches to the original equipment manufacturers (OEMs).

Android devices made by OEMs including HTC, LG, Samsung, and Motorola among others are part of the estimated 900 million affected devices.

Some of the popular devices on the market today that are subject to the QuadRooter vulnerabilities include Sony Xperia Z Ultra, Samsung Galaxy S7 and S7 Edge, BlackBerry Priv, Google Nexus 6, 6P and 5X, HTC 10 and One M9, LG G4 and New Moto X.

AFFECTED ANDROID SYSTEMS

These unique vulnerabilities negatively impact four modules, and this puts the whole Android system at risk.

The modules include;

1. IPC ROUTER

The Inter-Process Communication (IPC) router module facilitates inter-process communication between several Qualcomm components, hardware devices, and user mode processes.

2. KGSL AND KGSL-SYNC

The kernel graphics support layer (kgsl) refers to a driver that communicates with user mode binaries to render graphics.

Synchronization between a phone’s CPU and the apps is made possible by the kgsl-sync.

3. ASHMEM

Ashmem is also called Android kernel anonymous shared memory feature.

It is the propriety memory allocation system of the Android operating system.

It facilitates the efficient sharing of memory buffer between various processes.

The Ashmem systems employed by Android devices built on Qualcomm chipsets are modified.

This provides access to the subsystem API using the GPU drivers.

RECOMMENDATIONS

Check point has provided several recommendations that can help Android device users to better protect themselves from these vulnerabilities.

These include;

• Downloading Android updates as they become available. Regular security updates go a long way in protecting the devices from the vulnerabilities.
• Avoiding the practice of installing apps for unverified third-party sources. They recommend that all apps be downloaded from Google Play.
• Thoroughly going through the permission requests when users are installing apps.
• Android users should avoid using unknown and untrusted Wi-Fi networks.
• Employing mobile security solutions such as the latest malware detection software and an effective anti-virus.
• Android users should never intentionally root their devices.

A long lasting solution to the occurrence of these vulnerabilities can only be found through proper standardization coordination between all the stakeholders in the smartphone supply chain.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.