A newly-discovered set of security vulnerabilities called “Quadrooter” leaves 900 million Android phones vulnerable to malicious software.
The four flaws lie in Qualcomm’s driver software, which is the low-level software “glue” that connects the Android OS to the specific Qualcomm processor chips that power most phones sold in the U.S. and elsewhere. The flaws allow installed malicious apps to gain complete “root” access to the device without prompting the user for any special permissions.
Three of the issues have been fixed, but one remains unsolved. Manufacturers and carriers are responsible for pushing security updates with these fixes to end user devices.
To avoid falling victim due to this and similar issues, phone users should always avoid apps from untrusted sources, and avoid untrusted public WiFi networks.
The issue also highlights the importance of frequent and timely security updates, an area where some manufacturers have a dramatically better track record than others.
