QuadRooter exists in almost all Android devices that use Qualcomm processors and as such, phone makers cannot themselves fix such vulnerabilities unless Qualcomm comes up with a patch. The vulnerabilities are such that even if one of them is exploited, hackers could gain root access to your device, no matter how secure your device is. Even Blackphone 2, whose Silent Suite UI enables users to make voice and video calls in HD clarity over encrypted VoIP, send encrypted texts as well as save encrypted contacts, suffers from the QuadRooter problem.
Your phone's end to end encryption isn't as strong as you think it is
Other affected devices include Google's Nexus 5X, Nexus 6 and Nexus 6P phones, Samsung's Galaxy S7 and S7 Edge, OnePlus 1, 2 & 3, LG G4, G5 and V10, BlackBerry Priv and HTC One, HTC One M9 and HTC 10 handsets. The app that a hacker can use to gain root access to any of these phones requires no special permissions, thus not alerting the installer.
"This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data," said Check Point.
Worryingly, you will not be able to detect or prevent any such invasion of your phone unless your phone is installed with an advanced mobile threat detection and mitigation solution. The vulnerable drivers are pre-installed in your phone and only a security patch from Qualcomm can remove the vulnerabilities. Apart from gaining root access to your phone, hackers can also gain access to keylogging, GPS tracking, and recording video and audio.
Value security and privacy? these are the phones for you
However, if you are careful about where you download your apps and APK files from, it is possible that your device will be safe despite the vulnerabilities inside it. Avoid downloading apps from anywhere apart from the Google Play Store and stay away from APK files in the meantime. At the same time, you should also avoid using insecure public Wi-Fi networks, check for permissions that apps ask for before you install them and most importantly, keep checking for Android system updates being made available by your phone's manufacturer from time to time.
This isn't the first time that Qualcomm's chips have made Android devices vulnerable to security threats. Last month, a tech website named Neowin sais that while Android devices running Android 5.0 Lollipop and later versions of the operating system are protected by full disk encryption like iPhones, those running Qualcomm processors are vulnerable as Qualcomm's security measures contain some flaws, and if any hacker exploits such flaws along with some flaws in Android, he can bypass the full disk encryption. In such a case, the hacker will be able to access your phone unless you choose to protect your privacy with a strong password.
Gal Beniamini, the researcher who revealed such flaws, has been working both with Google and Qualcomm to fix them. While some of them have already been fixed, Beniamini believes that the entire hardware needs to be replaced to rid Android phones of flaws in full disk encryption.