Belfast Telegraph

UK Website Of The Year

Hacker warning amid claims security flaws may affect over 900m Android devices

Published 08/08/2016

There is no evidence that the issue has yet been used by cyber criminals.
There is no evidence that the issue has yet been used by cyber criminals.

Security flaws that could give hackers complete access to a smartphone have been found in the microchips of millions of Android devices, researchers claim.

Computer security firm Check Point told a hacking convention in the US it has found a bug - which it calls QuadRooter - that could affect up to 900 million Android phones, including some made by BlackBerry, Google and LG among others, which is caused by vulnerabilities in the processor chips used in those phones by US firm Qualcomm.

However, there is no evidence that the issue has yet been used by cyber criminals.

According to Check Point, if a "malicious app" installed on the affected phones could exploit the vulnerabilities, it could "give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them".

The alleged weakness, which is linked to the code that controls communication between different parts running inside a phone, is believed already to be the subject of a fix or 'patch' being built by Qualcomm to remove the issue.

The chip maker is yet to officially comment on the issue.

Check Point also suggested that the Android platform as a whole - which is open to dozens of different manufacturers and software developers - was part of the issue, with updates taking too long to pass through the system.

"This situation highlights the inherent risks in the Android security model," the firm said.

"Critical security updates must pass through the entire supply chain before they can be made available to end users."

The security firm has encouraged users to keep their phone's software up to date in order to keep it secure, and said it has also created a free app called QuadRooter Scanner, which can be used to check whether a user's phone is at risk.

Read More

From Belfast Telegraph