Android hack could effect 900 million phones

ALMOST one billion Android devices are affected by a serious security flaw which can give attackers access to all data and hardware, including the camera.

The vulnerability, dubbed 'Quadrooter' was flagged by researchers from Check Point, an international cyber security company.

It affects all devices which use a Qualcomm chip - thought to be in around 900 million phones and tablets.

Michael Shaulov, head of mobility product management at Check Point, told tech news website ZDNet two weeks ago of his frustration.

He said: "No-one at this point has a device that's fully secure. That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google."

An attacker would have to dupe a victim into installing a malicious app on the phone, by sending them a link to download, for example.

The app would not require special permissions, allowing a hacker 'root' access.

That means they could see all data and use the camera and microphone.

Qualcomm says it has issued a patch which Google will release next month in its monthly fixes update.

Nexus devices will get it first with other manufacturers expected to follow suit a few days later.

The list of popular affected devices includes but it not limited to, BlackBerry Priv and Dtek50, Google Nexus 5X, Nexus 6, Nexus 6P, LG G4, LG G5, LG V10, Sony Xperia Z Ultram, HTC One, HTC M9, HTC 10, Blackphone 1 and Blackphone 2.

Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola, and Samsung were all sent letters by America's Federal Communications Commission and the Federal Trade Commission earlier this month as part of an investigation into how and when they create fixes.

The agencies do not believe patches are created quickly enough, leaving smartphone users vulnerable, ZDNet reports.

A Qualcomm spokesperson said: "Providing technologies that support robust security and privacy is a priority for us.

"We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July. 

"We continue to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities."


Meninga/Connell Cups: Best players, premiers tip

Premium Content Meninga/Connell Cups: Best players, premiers tip

Which side is tipped to win the Meninga Cup this season? Revealed here, along with...

Devastating smash and grab at popular Gladstone business

Premium Content Devastating smash and grab at popular Gladstone business

When the alarm sounded after 4am on Sunday, the security company was alerted and...

Steer prices soar to uncharted territory at cattle sale

Premium Content Steer prices soar to uncharted territory at cattle sale

A Droughtmaster cross pen fetched 710.2c/kg, breaking the facility’s cents per kilo...