Almost a billion devices may be at risk from QuadRooter Android flaw

Almost a billion devices may be at risk from QuadRooter Android flaw


Check Point researchers have warned of a security hole in the microchips used in almost a billion Android devices that – if exploited – could give hackers complete access:

An attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.

Sign up to our free newsletter.
Security news, advice, and tips.

The set of vulnerabilities, dubbed QuadRooter, disclosed during a session at Def Con in Las Vegas, and are present in Qualcomm chipsets used by many of the most popular Android devices, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

If left unpatched, the QuadRooter vulnerabilities could give attackers complete control of compromised devices, allow malicious hackers to access sensitive information, and plant malware.

Check Point has released a free scanner app to help Android users know if their personal devices are at risk.

In addition Check Point offers sensible advice in its blog post for Android users to apply the latest OS security updates (if they are made available, of course…), to be wary of installing apps from unknown sources, and to double-check that the permissions requested by Android apps are appropriate.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Almost a billion devices may be at risk from QuadRooter Android flaw”

  1. Neville Fernandez

    I have a Samsung Note 3 (AT&T) running Lollipop that was given to me by my employer. It was purchased in the US. It's been over a year now and no updates have been pushed by them. Compare that to my Lenovo K3 Note that I purchased in India where I get regular updates. The difference is that in India, the mobile mobile phone market is not in the stranglehold of the carriers. In fact, buying an unlocked phone not tied to any carrier is the norm. I hope the US carriers a more responsive when it comes to releasing patches and updates.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.