QuardRooter Vulnerability – A risk for nearly 1 billion android devices

QuardRooter Vulnerability – A risk for nearly 1 billion android devices
As Android market is growing with coverage of more than 66% of mobile operating system, Attackers are finding ways to break in to these devices with the vulnerabilities which can help in gaining access privileges.
Now with the discovery of the new QuardRooter vulnerability, nearly 1 billion android smart-phones and tablets are at risk; when these vulnerabilities are exposed, it can give attackers complete control of the device intern providing access to sensitive and corporate data on the devices.
 
What is QuadRooter?
 
According to check point research team - QuadRooter is a set of four vulnerabilities affecting Android devices built on Qualcomm chipsets and Qualcomm is world’s leading designer of LTE chipsets owning a 65% share of the LTE modem baseband market.
 
QuadRooter Vulnerabilities list
 
  • CVE-2016-2059 - IPC Router (inter-process communication)-The ipc_router module provides inter-process communication for various Qualcomm components, user mode processes and hardware drivers.
  • CVE-2016-5340 - Ashmem (Android kernel anonymous shared memory feature)-Android’s propriety memory allocation subsystem, Ashmem enables processes to share memory buffers efficiently. Android devices using Qualcomm chip-sets use a modified ashmem system, providing easy access to the subsystem API from the GPU drivers.
  • CVE-2016-2503 - kgsl (kernel graphics support layer) &CVE-2016-2504 - kgsl_sync (kernel graphics support layer sync)-The Qualcomm GPU component kgsl is a kernel driver that renders graphics by communicating with user-mode binaries. While this driver includes many modules; kgsl_sync is the one responsible for synchronization between the CPU and apps.
An attacker can exploit any one of these four vulnerabilities using a malicious app which requires no special permissions to take advantages of these vulnerabilities and trigger privilege escalations to gain root access to a device.
 
Devices affected by QuadRooter 
 
These vulnerabilities are found only in Qualcomm’s software drivers that come with its chipsets which are pre-installed on devices at the point of manufacturing.According to check point below list of devices are affected by QuardRooter vulnerability:
 
  • BlackBerry Priv
  • Blackphone 1 and 2
  • Google Nexus 5X, 6 and 6P
  • HTC One M9 and HTC 10
  • LG G4, G5, and V10
  • New Moto X by Motorola
  • OnePlus One, 2 and 3
  • Samsung Galaxy S7 and S7 Edge
  • Sony Xperia Z Ultra
Many devices which are not listed by check point can also be affected by this vulnerability,will explain how we can check these vulnerabilities in our Android device with the usage of simple scanner application in my next article.
 
 
Rate this article: 
0
No votes yet
Article category: