In an open ecosystem like Android, there will always be the danger of malware – no one knows that more than us. Last weekend at Defcon, another threat was revealed – “QuadRooter” is a set of four vulnerabilities that affect over 900 million devices at driver level. Let’s get into some detail as to what this threat is all about.

QuadRooter is basically made up of four vulnerabilities that affect Qualcomm chipsets at the driver level. If you sense the danger in that alone, you will be right – Qualcomm chipsets are used by around 60% of all Android handsets. Using the QuadRooter vulnerabilities, a hacker could inject an app with malware and somehow try and trick the user into installing it. From there, the app will be able to gain root access, and you know what happens when you gain root, right? Yes, all the data and all the fun begins. Scary.

There is good news – Qualcomm has submitted patches for three of the four vulnerabilities. But the last patch didn’t make it to the July patch, so it will most likely be fixed by September. Until then we will all have to be careful.

How? Well, first things first – stick to the apps you find on Google Play. There are people who talk about a lot of the bad things that Google’s app marketplace and services brings you, but they miss out on one thing – it still a safe haven for installing legit apps. You should also carefully read through permissions as you install and run apps for the first time, to make sure that an app doesn’t want full control over your phone.

SOURCE: Checkpoint Blog