Almost one billion Android devices are affected by a serious security flaw which can give attackers access to all data and hardware, including the camera. 

The vulnerability, dubbed ‘Quadrooter’ was flagged by researchers from Check Point, an international cyber security company. 

It affects all devices which use a Qualcomm chip – thought to be in around 900 million phones and tablets. 

Download the new Independent Premium app

Sharing the full story, not just the headlines

Michael Shaulov, head of mobility product management at Check Point, told tech news website ZDNet two weeks ago of his frustration.

He said: “No-one at this point has a device that's fully secure. That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google."

An attacker would have to dupe a victim into installing a malicious app on the phone, by sending them a link to download, for example. 

The app would not require special permissions, allowing a hacker 'root' access.

That means they could see all data and use the camera and microphone. 

Qualcomm says it has issued a patch which Google will release next month in its monthly fixes update.

Nexus devices will get it first with other manufacturers expected to follow suit a few days later. 

The list of popular affected devices includes but it not limited to, BlackBerry Priv and Dtek50, Google Nexus 5X, Nexus 6, Nexus 6P, LG G4, LG G5, LG V10, Sony Xperia Z Ultram, HTC One, HTC M9, HTC 10, Blackphone 1 and Blackphone 2. 

Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola, and Samsung were all sent letters by America's Federal Communications Commission and the Federal Trade Commission earlier this month as part of an investigation into how and when they create fixes.

The agencies do not believe patches are created quickly enough, leaving smartphone users vulnerable, ZDNet reports. 

A Qualcomm spokesperson said: "Providing technologies that support robust security and privacy is a priority for us.

"We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July.  

"We continue to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities." 

 

 

Comments

Share your thoughts and debate the big issues

Learn more
Please be respectful when making a comment and adhere to our Community Guidelines.
  • You may not agree with our views, or other users’, but please respond to them respectfully
  • Swearing, personal abuse, racism, sexism, homophobia and other discriminatory or inciteful language is not acceptable
  • Do not impersonate other users or reveal private information about third parties
  • We reserve the right to delete inappropriate posts and ban offending users without notification

You can find our Community Guidelines in full here.

Create a commenting name to join the debate

Please try again, the name must be unique Only letters and numbers accepted
Loading comments...
Loading comments...
Please be respectful when making a comment and adhere to our Community Guidelines.
  • You may not agree with our views, or other users’, but please respond to them respectfully
  • Swearing, personal abuse, racism, sexism, homophobia and other discriminatory or inciteful language is not acceptable
  • Do not impersonate other users or reveal private information about third parties
  • We reserve the right to delete inappropriate posts and ban offending users without notification

You can find our Community Guidelines in full here.

Loading comments...
Loading comments...