A new set of security flaws dubbed "Quadrooter" was recently discovered and it affects all versions of the Android mobile operating system. This means that the exploit can be used to attack more than 900 million Android units. The most terrifying part of this is that the exploit will not be patched until September, giving malicious hackers chance to pry into sensitive user information for at least a month.
The Quadrooter exploit stems from four previously undisclosed security vulnerabilities of Android smartphones and tablets that ship with a Qualcomm chip installed, according to Droid Life Initial reports reveal that flaw will allow hackers to fully control affected devices.
Check Point lead mobile security researcher Adam Donenfeld was responsible for discovering the flaw. Donenfeld explained the Quadrooter exploit in greater detail during the Def Con security conference on Sunday.
According to ZDNet, for the Quadrooter exploit to initiate, hackers will have to trick users into installing a malicious app which does not require any special permissions. Although most Android devices do not allow the installation of third-party applications that are not listed on Google Play app store, some hackers have successfully slipped malicious apps through several security loopholes in the past.
Once the malicious app is successfully installed, it will give hackers root access to the infected device. This will allow them to have full access to the device's user information including data and full control of hardware like the microphone and the camera.
Among the confirmed models that are vulnerable to the Quadrooter hack are the following: Google Nexus 5X, Nexus 6, Nexus 6P, HTC One M9, HTC 10, Samsung Galaxy S7, and Galaxy S7 Edge. The recently announced BlackBerry DTEK50, which the company claims is the most secure smartphone running the Android OS is also vulnerable to one of the four flaws.
A Qualcomm spokesperson said that the company has already fixed all the four Quadrooter flaws, and it had already released patches to partners, customers, and the open source community between April and July.
