Last week, the leading discussion among cyber security circles was about Quadrooter, a security bug reportedly targeting Android devices. There were rumors like – already 900 million Android devices are on threat because of this security bug. We, Safe with Tech team is trying to disclose what’s the actual reality behind these rumors.
Where it started?
It was security researcher Adam Donenfeld from Check Point Software presented four security vulnerabilities of Android devices based on Qualcomm chipsets. Qualcomm reviewed these reports and instantly released patches for security flaws.
Collectively, these vulnerabilities became known by “QuadRooter”, as it provides attackers the root privileges. And individually, these flaws got names “CVE-2016-2059”, “CVE-2016-2503” , “CVE-2016-2504” and “CVE-2016-5340”. These flaws were reported in Qualcomm drivers that’s been given to device manufacturers.
Google Says it has released three patches for the first three flaws through its security bulletin for nexus devices. Anyhow, it has flagged CVE-2016-2059 as low severity and according to them, it can be mitigated through SELinux(a kernel extension to reduce exploitation of some flaws by implementing certain access controls)
What is Check Point’s explanation on this?
Check Point explains the threat will not affect users through web browsing, emails, chats but rogue applications could be a reason. Check Point says Google’s view on CVE-2016-2059 is not at all feasible. They’ve already released a free application on Google Play for users to check whether their devices are affected by any of these flaws.
A different Stand Point
Check Point, the one initially figured this vulnerability says about the mobile threat detection that’s already present on Android phones. It’s called “Verify Apps” that’s practically available all of those 900 million devices since 2012.
This “Verify Apps” scans your Android device whenever you install new apps and features into your phone. It’ll resist you if you try to install any dangerous app to your device and verify if any of your installed app starts doing anything suspicious.
From Gingerbread, this feature is available on Android. So, almost 99% of Today’s Android devices are powered with Verify Apps. And from Google’s point of view Verify Apps can watch out any Quadrooter related security threat. They provide monthly security patches on a regular basis.
What’s up of the Users?
Since there’s no so serious threat reports from Google about this update till now, consumers don’t have to think too much. They just have to make sure that, the apps they’re installing should be verified. Moreover, the basic security measures are available on your phone itself, so be less worried on that.