Hundreds Of Millions Of Qualcomm-powered Android Devices Vulnerable To QuadRooter Family Of Flaws

As with every year, this past weekend’s Defcon event had its fair share of interesting revelations – but none quite holds a candle to this one. Check Point Software Technologies revealed that hundreds of millions of Android devices are susceptible to one of four vulnerabilities that could lead to privilege escalation.

The source of the problem is found within the firmware of many Qualcomm Snapdragon SoCs, and all four of them were reported to the company between February and April. To date, Qualcomm has patched three of the four vulnerabilities, but work remains to be done to fix up the fourth.

Here’s the problem (if it isn’t obvious): most Android handset sellers are not in the habit of patching older devices, which in turn leaves those still in use with gaping holes in their security. This particular Qualcomm issue is a perfect example of this: we’re talking hundreds of millions of devices.

Unfortunately, even if Qualcomm and Google were to send out patches to end-users, applying them would prove an exercise in patience. At the very least, the devices would need to be rooted. It simply seems very unlikely that a patch would ever be issued this way, however, so what’s probably clear is that if you run an older device with this flaw, you’re likely going to be dealing with it until you retire the device.

Check Point has dubbed this set of vulnerabilities as “QuadRooter”, which in effect means four different ways to gain root.

Who’s not affected: if your device is running a patch level dated August 5, 2016, you’re golden. Unfortunately, that is going to be very few devices at this particular point in time. If you are running a major device released within the last two years, you could probably feel pretty confident that you will see the update in some form soon. For everyone else, we’ll have to wait and see if other solutions arise.