Qaulcomm Bug Can Auto-Root 900Million Devices

[DroidModderX]

​

An alarming new bug dubbed "Quadroroot" affects more than 900Million Devices. The security bug in Qualcomm chips can be used by an attacker to auto-root your device and gain complete access. The flaw is a 4 part hole in Qualcomm's security. Three of the holes have already been patched, but the patch for the final flaw wasn't submitted to Qualcomm in time for the last round of patches so it has been left wide open. The next update won't arrive for a few weeks and so far there has been no word from Google or Qualcomm as to whether or not a quick fix will be released to close the hole. For now it is unclear if anyone has been able to create an actual exploit for this particular bug. Some devices that include the flaw are the Nexus 5X, Nexus 6, Nexus 6P, Htc One M9, HTC 10, Samsung Galaxy S7, Galaxy S7 Edge and more.

via ZDNet

Update: After speaking with a Security Expert, "Quadrooter" seems to be another hypbeast click inducing name for what amounts to a typical root exploit. There are 4 different bugs to contend with here. Many of these have already been patched, and none of these allow for complete control of your device.

 

[Narsil]

OH MY SWEET BABY JAY, NO!! MY 6P COULD BE ROOTED!!

Oh wait. I did that myself an hour after Google delivered it.

 

[johnomaz]

So I can use this to root my S7 Edge easily?

I love how they spin it as a bad thing but man, I just want easy root on my phone.

 

[akhenax]

How does this "exploit" affect devices already rooted?

 

[Sajo]

I love how the media spins these things G's out of control. Really....can root 900 million devices? How about 900 million devices are possible vulnerable. Possibly....key word. If the hacker send you malicious files and you open them, or if the hacker publishes a malicious app and you side load it. Too many "ifs" there for me to worry about.

Sent from my XT1585 using Tapatalk

 

[Sajo]

How does this "exploit" affect devices already rooted?

It makes no difference. If they hack your device they root it to steal your data.

Sent from my XT1585 using Tapatalk

 

[xeene]

Oh yeah! Not that I care lol.

 

[Sajo]

But vulnerable does not mean that you have been hacked...or infected. Right? Am I missing something. Vulnerable just means it's not patched yet. Our phones are probably "vulnerable" to sooooo many things we don't even know about yet. How convenient that someone already make a Quad Copter Rooter Checker app, probably the same company that found the vulnerability.

Sent from my XT1585 using Tapatalk

 

[Jeffrey]

The full list of affected devices are:

• BlackBerry Priv
• Blackphone 1 and Blackphone 2
• Google Nexus 5X, Nexus 6 and Nexus 6P
• HTC One, HTC M9 and HTC 10
• LG G4, LG G5, and LG V10
• New Moto X by Motorola
• OnePlus One, OnePlus 2 and OnePlus 3
• Samsung Galaxy S7 and Samsung S7 Edge
• Sony Xperia Z Ultra

 

[Mustang02]

Lol. Please try.

 

[Sajo]

Any idea which "New Moto X"? Not that I am concerned one bit, just curious since I have a few newer Moto X's.

Sent from my XT1585 using Tapatalk

 

[Sajo]

Lol. Please try.

I am sending you malicious files via SMS now....don't open the attachment.

Just kidding... obviously.

Sent from my XT1585 using Tapatalk

 

[Mustang02]

Threatening to 'expoit' a phone that already can be unlocked and rooted isn't much of a threat.

 

[Sajo]

So, from what I gather this "threat" does not root your phone for you, the hacker can gain root access to enable them to steal personal data.

Sent from my XT1585 using Tapatalk

 

[xeene]

An attacker would have to trick a user into installing a malicious app, which unlike some malware wouldn’t require any special permissions.

The bad news, then, is that once the app is installed, it can gain full root access to the device without requesting permissions from the owner, but you’re not at risk if you stick to known apps installed directly from Google Play.