Quadrooter – 4 faults detected in Android smartphones. Blame Qualcomm – ZDNet France

The vulnerabilities are so common that cyber security companies today deliver the set of four. This is the approach chosen by Check Point, which presents on the occasion of the DefCon four vulnerabilities discovered within Qualcomm equipping many Android phones. Rather than finding a nickname for each flaw, the company presents the four as the Quadrooter and described in a lengthy 19-page document detailing their operation.
 

These different vulnerabilities have still some similarities: all are indeed flaws allow elevation of privilege for an attacker who could exploit them. This may well allow a malicious application installed by the user on the machine to bypass security measures in place to access normally inaccessible features and devices.

Three of the four reported flaws were corrected, as reported ZDNet.com, and a fourth is still currently exploitable. A fix is ​​planned for September. But Check Point document focuses in particular on the difficulties encountered by users who wish to have updates and security patches quickly.

This recalls the difficulty and complexity of the chain manufacture Android phones: the patches are usually issued by Google and then relayed by operators and manufacturers to phones. For quadrooters vulnerabilities, complexity climbs a notch since the flaws affect the Code under the responsibility of Qualcomm, the processor manufacturer.
 

Check Point is therefore concerned the time needed to correct these faults. The publisher is however not the only one. In the US, the FTC and FCC, the US equivalent of ARCEP and the Competition Authority, recently expressed concern about the problems encountered by manufacturers of Android ecosystem. An investigation is underway on the subject and a report will be published in the course of the year, which may encourage the different actors of the chain and especially the Android ecosystem, to review their management flaws.