Bob
8th August 2016, 04:47
It's called the QuadRooter Flaw -
Got an Android?
Well, another hole leaves your phone open potentially to attack, where the attacker can take everything over, get whatever they want off it, lock you out, get all the data, turn on the camera and microphone.
At the Def Con security conference on Sunday Adam Donenfeld security researcher at CheckPoint described the "high" risk privilege escalation vulnerabilities that was found.
A malicious APP is all it takes. Normally apps are checked for security vulnerabilities, but its been pointed out that some manage to sneak through. (for instance an innocent looking game turned phones into zombies for botnets - see http://www.zdnet.com/article/new-android-malware-poses-as-app-joins-device-to-botnet/ - The malware is dubbed "Viking Horde," after one of the popular apps it poses as. )
Google's Nexus 5X, Nexus 6, and Nexus 6P, HTC's One M9 and HTC 10, and Samsung's Galaxy S7 and S7 Edge are some of those named vulnerable to one or more of the flaws.
The recently-announced BlackBerry DTEK50, which the company touts as the "most secure Android smartphone," is also vulnerable to one of the flaws.
A Qualcomm spokesperson said the chipmaker has fixed all of the flaws, and had issued patches to customers, partners, and the open source community between April and the end of July. Most of those fixes have already gone into Android's monthly set of security patches, which Google issues early each month to its own-brand Nexus devices. Many other phone and tablet makers roll out those patches at the same time or in the following few days.
Three flaws were fixed in Google's latest set of monthly security updates, but one of the vulnerabilities is still outstanding, largely because the final patch wasn't issued in time.
Google confirmed that the fourth flaw will be fixed in the upcoming September update, due out a little after the start of next month.
IF ONE doesn't update, doesn't get the PATCHES one's phone remains vulnerable (once again)..
"No-one at this point has a device (Android powered) that's fully secure," he said. "That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google."
How about that?
and
That's one of the reasons why two federal agencies have stepped in to question why phone security updates are often haphazard, or few and far between.
The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) both asked Apple, Google, and phone makers and carriers when is it decided "to patch a vulnerability on a particular mobile device" or not.
A report is due out later this year.
(source (http://www.zdnet.com/article/quadrooter-security-flaws-affect-over-900-million-android-phones/))
http://zdnet2.cbsistatic.com/hub/i/r/2015/05/15/931dab70-615f-4222-9c19-65ab99390125/resize/220x165/1a0fc15e03c2c38c38e95157bec24d2a/android.jpg
Got an Android?
Well, another hole leaves your phone open potentially to attack, where the attacker can take everything over, get whatever they want off it, lock you out, get all the data, turn on the camera and microphone.
At the Def Con security conference on Sunday Adam Donenfeld security researcher at CheckPoint described the "high" risk privilege escalation vulnerabilities that was found.
A malicious APP is all it takes. Normally apps are checked for security vulnerabilities, but its been pointed out that some manage to sneak through. (for instance an innocent looking game turned phones into zombies for botnets - see http://www.zdnet.com/article/new-android-malware-poses-as-app-joins-device-to-botnet/ - The malware is dubbed "Viking Horde," after one of the popular apps it poses as. )
Google's Nexus 5X, Nexus 6, and Nexus 6P, HTC's One M9 and HTC 10, and Samsung's Galaxy S7 and S7 Edge are some of those named vulnerable to one or more of the flaws.
The recently-announced BlackBerry DTEK50, which the company touts as the "most secure Android smartphone," is also vulnerable to one of the flaws.
A Qualcomm spokesperson said the chipmaker has fixed all of the flaws, and had issued patches to customers, partners, and the open source community between April and the end of July. Most of those fixes have already gone into Android's monthly set of security patches, which Google issues early each month to its own-brand Nexus devices. Many other phone and tablet makers roll out those patches at the same time or in the following few days.
Three flaws were fixed in Google's latest set of monthly security updates, but one of the vulnerabilities is still outstanding, largely because the final patch wasn't issued in time.
Google confirmed that the fourth flaw will be fixed in the upcoming September update, due out a little after the start of next month.
IF ONE doesn't update, doesn't get the PATCHES one's phone remains vulnerable (once again)..
"No-one at this point has a device (Android powered) that's fully secure," he said. "That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google."
How about that?
and
That's one of the reasons why two federal agencies have stepped in to question why phone security updates are often haphazard, or few and far between.
The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) both asked Apple, Google, and phone makers and carriers when is it decided "to patch a vulnerability on a particular mobile device" or not.
A report is due out later this year.
(source (http://www.zdnet.com/article/quadrooter-security-flaws-affect-over-900-million-android-phones/))
http://zdnet2.cbsistatic.com/hub/i/r/2015/05/15/931dab70-615f-4222-9c19-65ab99390125/resize/220x165/1a0fc15e03c2c38c38e95157bec24d2a/android.jpg