QuadRooter, Google responds

1575

2

2016-08-17 12:17


One of the most discussed argument of these days has been QuadRooter vulnerabilities. About 900 million devices could be affected, the ones based on qualcomm processors.

How should it work, briefly
This vulnerability could be exploited through malicious applications that could gain root access and do whatever they want, teorically.
This apps should be installed manually, enabling "unknown sources", not via official stores like G play store.


How to try to avoid the vulnerability
Despite the fact that the exploit should be fixed with a patch, you can keep activated "Verify Apps", from Google Play Service, a feature enabled by default in devices since Android 4.2 Jelly Bean.
A system with active "Verify Apps" should show a warn saying: "Installation has been blocked", when you try to install a suspected malicious app.


What Google says
According to G, "Verify Apps" can identify and block this malicious apps. This is what a spoksperson said to Android Central:
"We appreciate Check Point's research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these."