What's new
DroidForums.net | Android Forum & News

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Qaulcomm Bug Can Auto-Root 900Million Devices

xeene said:
An attacker would have to trick a user into installing a malicious app, which unlike some malware wouldn’t require any special permissions.

The bad news, then, is that once the app is installed, it can gain full root access to the device without requesting permissions from the owner, but you’re not at risk if you stick to known apps installed directly from Google Play.
Click to expand...

I've never seen an app get full root permissions on the phone without me explicitly giving it. How does that happen, maybe in recovery?
 
Galaxy S7 Edge
KMeGySV.png
 
If you're concerned about apps accessing data you don't want them to (even ones that "require" it to function) check the XPrivacy module for Xposed. It spoofs your apps into using blank data files so that your actual information is protected if you want it to be but used only by the apps you allow. It's pretty amazing to me what it does. I can now use apps that I wouldn't ordinarily use because I was unwilling to give a game access to my text messages and contacts. Now, the game is happily data-mining blank files and I'm happily playing.

I wonder if XPrivacy would do the same to a malicious rooting app? Of course, you have to already BE rooted to use XPrivacy.
 
sajokaz said:
Any idea which "New Moto X"? Not that I am concerned one bit, just curious since I have a few newer Moto X's.

Sent from my XT1585 using Tapatalk
Click to expand...
I would surmise the word "New" to mean specifically the second generation Moto X given the exploit is for a specific generation of Qualcomm processor class.

Sent from my XT1585 using Tapatalk
 
What's most impressive to me is that the Blackphones are part of the affected group. This just goes to show you that the more complicated these devices become the harder it is to secure them and the more likely that unknown bugs can result in exploits.

Sent from my XT1585 using Tapatalk
 
Narsil said:
If you're concerned about apps accessing data you don't want them to (even ones that "require" it to function) check the XPrivacy module for Xposed. It spoofs your apps into using blank data files so that your actual information is protected if you want it to be but used only by the apps you allow. It's pretty amazing to me what it does. I can now use apps that I wouldn't ordinarily use because I was unwilling to give a game access to my text messages and contacts. Now, the game is happily data-mining blank files and I'm happily playing.

I wonder if XPrivacy would do the same to a malicious rooting app? Of course, you have to already BE rooted to use XPrivacy.
Click to expand...
Excellent advice for those of us who do run rooted phones. It is also just one more reason that being able to root is desirable for some. I would add this to my (very short) list of reasons though my phone, the Motorola Turbo 2 is (afaik) as of yet not rooted.

Sent from my XT1585 using Tapatalk
 
Here's something I have been curious about. It seems like there have been quite a few supposed "major vulnerabilities" making so many headlines the past year or so (Stagefright, QuadRooter, etc.); scaring many people that may not understand the difference between vulnerable and infected. Has anyone actually heard of a phone becoming infected by one of these? Truly infected and hacked with malicious code?
 
sajokaz said:
Here's something I have been curious about. It seems like there have been quite a few supposed "major vulnerabilities" making so many headlines the past year or so (Stagefright, QuadRooter, etc.); scaring many people that may not understand the difference between vulnerable and infected. Has anyone actually heard of a phone becoming infected by one of these? Truly infected and hacked with malicious code?
Click to expand...
Every one of your posts is infected...
;)
Seriously, no.
 
sajokaz said:
I am sending you malicious files via SMS now....don't open the attachment. [emoji12] [emoji95]

Just kidding... obviously.

Sent from my XT1585 using Tapatalk
Click to expand...
I don't wanna be left out of this party, Send me some malicious files too please.

Seriously, If you can root your phone it's vulnerable... wtf... just wtf, way to try to scare people.
 
Yes, it offers apps for sale that would prevent this from maybe occurring...
Like Norton and their programmers that make viruses on the side to create a need for the virus software...
 
You must log in or register to reply here.

Similar threads

D
Android Left Vulnerable In November Security Patch
Replies
0
Views
3K
DroidModderX
D
D
The Galaxy S4 Has Been Rooted! For Real This Time!
Replies
0
Views
2K
DroidModderX
D
J
Google fixes two serious Android security flaws
Replies
0
Views
3K
Jeffrey
J
D
Qualcomm Exec Calls Snapdragon 810 Overheating Rumors 'Rubish'
Replies
5
Views
2K
94lt1
9
D
Snapdragon 820 Galaxy S7 Has Root!
Replies
2
Views
2K
dezymond
D
Back
Top