New Set of Android Vulnerabilities puts 900M Devices at Risk
If you have an Android phone, it is time to update your system!
Security firm Check Point has recently disclosed four security flaws that allow an attacker to completely take over your Android phone.
All that is necessary is for an attacker to trick the user into installing a malicious application - without any special permissions.
The set of vulnerabilities (going by the name of 'Quadrooter') appears to impact only phones based on Qualcomm chips.
Incredibly, one of the four vulnerabilities is set to be fixed only in September.
Note: At the time of this writing, Check Point website is currently experiencing technical difficulties, most likely due to overwhelming demands from overly concerned Android owners from around the globe. The situation should improve shortly.
Useful to know, but concerning that they are so relaxed about releasing a fix for such a major issue!
Indeed!
I would strongly advise against installing unknown applications until this issue is sorted out.
A successful exploit yields root access, at that point it is game over!
Sound advice ;)
there is no way to protect yourself? 8[
Might be wise to not install any unknown apps until this is fully fixed (September?).
Good afternoon. Your article is very useful. I voted for you.
Thanks for the heads up and warning. Is it true that android are more prone to viruses since it is open source?
No. It's not because it's open source. it's because it's open, i.e. you can install any app you want, from any source. You don't need to download your apps from the Google Play Store. Unlike Apple, where the only source is the iTunes App Store, and you don't get any choice whatsoever.
One of the biggest problems in Android is the amount of third party attacks, for example Samsung's Knox, designed to IMPROVE security, has a very major flaw which actually makes their phones highly vulnerable. (which was actually used in the TV Show Mr Robot to hack the FBI) - thus having a non-samsung phone actually improves your security simply because of that attack.
It's thanks to companies like HTC, Samsung, and Sony filling up their android phones will all their vendor crapware that opens up whole new vectors of attacks. Every now and then we do get attacks that directly damage android itself, such as this, which is somewhat Qualcomm's fault, not even Android's fault in it's own.
A good idea might be preferring Smartphone companies which don't fill up your phone with vendor crapware. At least they should allow deleting those apps without having to root your phone.
My old Samsung came with lots of proprietary Samsung bloatware apps which could not be deleted without rooting. After switching to LG (G4) things are much better. Much less bloatware and you can delete those apps.
nice info
Here is a video about it: