Is Yours, Possibly, 1 of 9 Million That May Be Vunerable to QuadRooter?

95Viper · Aug 9, 2016

QuadRooter: New Android Vulnerabilities in Over 900 Million Devices by Adam Donenfeld, Check Point Mobile Research Team posted 2016/08/07

What is QuadRooter?
QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.

Some of the latest and most popular Android devices found on the market today use these chipsets, including:

BlackBerry Priv

Blackphone 1 and Blackphone 2

Google Nexus 5X, Nexus 6 and Nexus 6P

HTC One, HTC M9 and HTC 10

LG G4, LG G5, and LG V10

New Moto X by Motorola

OnePlus One, OnePlus 2 and OnePlus 3

Samsung Galaxy S7 and Samsung S7 Edge

Sony Xperia Z Ultra

What Android devices are at risk?
QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets. Any Android device built using these chipsets is at risk. The drivers, which control communication between chipset components, become incorporated into Android builds manufacturers develop for their devices.

Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.

This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.

Read complete article at the link at top of post.

burebista · Aug 9, 2016

Yep, mine it is. Do I care? Guess not.

blobster21 · Aug 9, 2016

burebista said:
Yep, mine it is. Do I care? Guess not.

View attachment 77717

Same vulnerabilites ! LG G2 with android 5.0.2

R-T-B · Aug 11, 2016

This is what I wrote my application for editor article about, lol.

You'd have to be dumb enough to install a sketchy app to get infected. No, the app won't tell you via permission requests that it is sketchy, but you should still be able to tell if you know what you are looking for. Practice good app hygiene, people.

Heck, here is my article. Review it for shits and giggles:

Quadrooter: It’s not quite the new StageFright, but it’s close.

Defcon has come and gone and again it has left the Android Security world in a state of confusion. During the conference which focuses on security vulnerabilities, a vulnerability known as “Quadrooter” was revealed. Like the StageFright security scare of 2015, Quadrooter is a privilege escalation bug allowing an attacker to gain complete “root” level access to a user’s cell phone. However scary that may sound, that is where the similarities end.

Unlike StageFright, which was part of the Android operating system, Quadrooter is part of Qualcomm’s Snapdragon chipset driver. This means it is not actually a flaw in android but a flaw in the driver for an external chipset. Does that matter to the end user? Probably not. Why? Because nearly 65% of all Android devices (and arguably even more in recent releases) actually have a Qualcomm chipset, and thus are affected by this bug.

That said, there is still some hope in the fact that unlike StageFright, a user has to actually install a malicious app to become a victim of Quadrooter. If you only install from Google Play, that means you are much more likely to be protected, provided Google’s policing is up to the job.

Recon-UK · Aug 11, 2016

I run Nokia with Windows Phone OS.. i use my phone as a phone so i don't care.

R-T-B · Aug 11, 2016

Recon-UK said:
I run Nokia with Windows Phone OS.. i use my phone as a phone so i don't care.

You aren't affected, but honestly, if you're phone was affected and consequently infected you would care when it started being used as a spam relay and the cops showed up.

Recon-UK · Aug 11, 2016

R-T-B said:
You aren't affected, but honestly, if you're phone was affected and consequently infected you would care when it started being used as a spam relay and the cops showed up.

Maybe but i will forget in like 10 minutes.

Komshija · Aug 17, 2016

Mediatek here, Lenovo device. Personal and security reasons.

RejZoR · Aug 18, 2016

My Huawei Ascend P7 with Android 5.1.1 (update B852) is not affected. Hooray

Steve-007UK · Aug 18, 2016

Don't have or want a phone or tab or anything like that so not effected by this

hat · Aug 23, 2016

The easier we make our lives with technology, the easier we make it for would-be crooks to fuck us up. It's probably best to keep as much sensitive data as possible off your phone, which is likely the least secure device you have.

Nobody99 · Aug 23, 2016

Mediatek: Go cheap & go secure.

Such a pleasure when costlier option fails.

System Name	Rocket
Processor	Ryzen 3600X
Motherboard	ASRock B450 PRO4
Cooling	Noctua NH-D15
Memory	HyperX Predator Black 16GB DDR4 3200MHz CL16
Video Card(s)	MSI GeForce GTX 1060 GAMING X 6GB
Storage	ADATA SX8200 PRO 512GB + Intel 535 Series 120GB + WD 6400AAKS
Display(s)	Benq EW2420
Case	Antec P182
Power Supply	Antec Signature 650
Software	Win 10

System Name	Pioneer
Processor	Ryzen R9 7950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64

System Name	AM4 / 775
Processor	2600x / C2D E7600
Motherboard	B450 Aorus / ASUS P5G41C-M LX
Cooling	TT Esports Duo / Chinesium cooler
Memory	16GB DDR4 3ghz / 4GB DDR2 800mhz
Video Card(s)	2060 Super / 5700-XT / GTX 650Ti
Storage	120GB + 1TB SSD / 160GB SSD
Display(s)	Samsung CRG5 144hz QD
Case	CiT shit chassis modded / Coolermaster Elite 430
Audio Device(s)	Soundblaster FX / Audigy 2 ZX
Power Supply	Superflower Leadex III GOLD / BeQuiet 450w bronze.
Mouse	Razer Basilisk
Keyboard	Read Dragon Kumara
Software	Windows 10 Pro x64
Benchmark Scores	1 Billion

System Name	Pioneer
Processor	Ryzen R9 7950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64

System Name	AM4 / 775
Processor	2600x / C2D E7600
Motherboard	B450 Aorus / ASUS P5G41C-M LX
Cooling	TT Esports Duo / Chinesium cooler
Memory	16GB DDR4 3ghz / 4GB DDR2 800mhz
Video Card(s)	2060 Super / 5700-XT / GTX 650Ti
Storage	120GB + 1TB SSD / 160GB SSD
Display(s)	Samsung CRG5 144hz QD
Case	CiT shit chassis modded / Coolermaster Elite 430
Audio Device(s)	Soundblaster FX / Audigy 2 ZX
Power Supply	Superflower Leadex III GOLD / BeQuiet 450w bronze.
Mouse	Razer Basilisk
Keyboard	Read Dragon Kumara
Software	Windows 10 Pro x64
Benchmark Scores	1 Billion

Is Yours, Possibly, 1 of 9 Million That May Be Vunerable to QuadRooter?

95Viper

Super Moderator

burebista

blobster21

R-T-B

Recon-UK

R-T-B

Recon-UK

Komshija

RejZoR

Steve-007UK

hat

Enthusiast

Nobody99

System Name	1.21 gigawatts!
Processor	Intel Core i7 6700K
Motherboard	MSI Z170A Krait Gaming 3X
Cooling	Be Quiet! Shadow Rock Slim with Arctic MX-4
Memory	16GB G.Skill Ripjaws V DDR4 3000 MHz
Video Card(s)	Palit GTX 1080 Game Rock
Storage	Mushkin Triactor 240GB + Toshiba X300 4TB + Team L3 EVO 480GB
Display(s)	Philips 237E7QDSB/00 23" FHD AH-IPS
Case	Aerocool Aero-1000 white + 4 Arctic F12 PWM Rev.2 fans
Audio Device(s)	Onboard Audio Boost 3 with Nahimic Audio Enhancer
Power Supply	FSP Hydro G 650W
Mouse	Cougar 700M eSports white
Keyboard	E-Blue Cobra II
Software	Windows 8.1 Pro x64
Benchmark Scores	Cinebench R15: 948 (stock) / 1044 (4,7 GHz) FarCry 5 1080p Ultra: min 100, avg 116, max 133 FPS

System Name	PC-Chips
Processor	Ryzen 5 5600x
Motherboard	Asus ROG Strix B550-F Gaming.
Cooling	Thermalright Peerless Assassin 120 SE CPU Air Cooler 6 heat pipes.
Memory	Patriot Viper 32gig dual channel 3600mhz
Video Card(s)	PowerColor HellHound RX 7900 GRE OC
Storage	2X Samsung 860 EVO SSD's 500gig / 2TB crucial P3-NVME / WD-BLUE SN550 1TB M.2 / SP A55 512gig
Display(s)	Panasonic 40-inch 4k TV
Case	Modded NZXT H510
Audio Device(s)	Realtek S1220A - Yamaha A-S501 AMP - 4 x Wharfedale diamond 9.1 speakers - Wharfedale SW150 sub
Power Supply	EVGA SuperNOVA G6 750W 80+ Gold
Mouse	Some cheap wireless thing
Keyboard	Razer Cynosa lite
VR HMD	Oculus Quest 2 128gig version
Software	Windows 11 pro 64bit

System Name	Starlifter :: Dragonfly
Processor	i7 2600k 4.4GHz :: i5 10400
Motherboard	ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling	Cryorig M9 :: Stock
Memory	4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s)	PNY GTX1070 :: Integrated UHD 630
Storage	Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s)	Onn 165hz 1080p :: Acer 1080p
Case	Antec SOHO 1030B :: Old White Full Tower
Audio Device(s)	Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply	FSP Hydro GE 550w :: EVGA Supernova 550
Software	Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores	>9000