Android malware is back in the headlines again this morning, thanks to the “Quadrooter” vulnerabilities discovered months ago that were announced over the weekend at Defcon. There are some things to know here, so while we don’t always address the latest faux-scare on Android, this one is indeed worth talking about.
What is Quadrooter? The basics are that Quadrooter is a set of four vulnerabilities that affect Qualcomm chipsets at the driver level. As you know, Qualcomm chipsets are in most (like 65%) Android handsets and so there is a good chance the phone you are reading this on, is affected. With Quadrooter, a hacker could inject an app with malware, somehow try and trick your dumb ass into installing it (sorry, I know that sounds harsh), and then proceed to root your phone and access all of the fun inside. You can imagine how that would be bad, right?
What’s the status on patches for these vulnerabilities? Yeah, so there is good and bad news here. Google, thanks to Qualcomm passing along patches, has fixed three of the four as of the August security patch that rolled out last week. The fourth patch apparently wasn’t quite ready for August and so it’ll have to wait until the September patch to get onto your phone.
Is your phone protected? The short answer is “No.” I say that because there is still a fourth patch that needs to rollout, according to ZDNet. So even Google’s Nexus phones, which are always the most up-to-date in terms of security, are missing a patch. With that said, few phones are even up to the August security patch, so the chances of your non-Nexus phone being vulernable are pretty high! Yeah, go Android!
What can you do to protect your phone? The usual stuff. For one, don’t sideload shady apps onto your phone. Another way to put that would be, stop pirating, cheap ass, and only download apps directly from Google Play. That’s right, Google Play is still a safe haven for installing legit apps, who would have thought! You could also make sure to carefully read through permissions as you install apps, just in case something slipped by Google, to make sure that a basic app you are attempting to install doesn’t want full control over your phone for no reason.
Recap! Quadrooter is bad for your Qualcomm-powered phone if you install lots of shady third party apps found outside of Google Play. Don’t install shady sh*t. Google’s phones are mostly patched, while the rest of the world likely isn’t but will be eventually. Again, you are OK, though, if you don’t install shady sh*t outside of Google Play. Reading permissions is never a bad thing either.