Checkpoint Software Technologies and its team of researchers have discovered a set of four vulnerabilities that could potentially give attacker access to a phone’s data in tens of millions of Android devices.
The vulnerabilities, known as QuadRooter, were discovered while looking at software which operates on chipsets made by US firm Qualcomm.
Qualcomm is a US telecommunications equipment company and controls 65 per cent of the LTE modem baseband market.
The defect was discovered in software that deals with graphics and in code which communicates information between chipset components. Michael Shaulov, head of mobility product management at Checkpoint, says that the problems were revealed after a six month effort to reverse engineer Qalcomm’s code.
The bugs in the software can easily be triggered using an app, which would go by undetected during installation.
Affected devices include handsets such as Samsung Galaxy S7, Samsung S7 Edge, Google Nexus 5X, Nexus 6, Nexus 6P, LG G4, LG G5, LG V10, OnePlus One, OnePlus 2, OnePlus 3 and many more.
In response to the information provided by Checkpoint, Qaulcomm has created software patches and has also started manufacturing chipsets with the bug-free version. The patches have also been distributed to phone makers and operators. However, there are no clear figures on how many phones have been updated.
Checkpoint has created a free app called QuadRooter Scanner, which checks if your phone is at risk.
While there is no current evidence of these vulnerabilities being used, Shaulov says that its only a matter of time.
“It’s always a race as to who finds the bug first, whether it’s the good guys or the bad.”