Active Topics

 



Notices


Reply
Thread Tools
Win7Mac's Avatar
Community Council | Posts: 664 | Thanked: 1,648 times | Joined on Apr 2012 @ Hamburg
#1
Check Point today disclosed details about a set of four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm® chipsets. The Check Point mobile threat research team, which calls the set of vulnerabilities QuadRooter, presented its findings in a session at DEF CON 24 in Las Vegas.

What is QuadRooter?
QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.

Some of the latest and most popular Android devices found on the market today use these chipsets, including:

BlackBerry Priv
Blackphone 1 and Blackphone 2
Google Nexus 5X, Nexus 6 and Nexus 6P
HTC One, HTC M9 and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2 and OnePlus 3
Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra
Source: http://blog.checkpoint.com/2016/08/07/quadrooter/
__________________
Nokia 5110 > 3310 > 6230 > N70 > N9 BLACK 64GB
Hildon Foundation Board member
Maemo Community e.V. co-creator, founder and director since Q4/2016
Current Maemo Community Council member
 

The Following 13 Users Say Thank You to Win7Mac For This Useful Post:
HtheB's Avatar
Moderator | Posts: 3,449 | Thanked: 5,933 times | Joined on Dec 2009 @ Bize Her Yer Trabzon
#2
Now if we only had Android root for Jolla C and Intex Aqua Fish.
Did someone installed the QuadRoot scanner on Jolla phones yet?
__________________
www.HtheB.com
Please donate if you think I'm doing a good job.
 

The Following 2 Users Say Thank You to HtheB For This Useful Post:
mp107's Avatar
Posts: 132 | Thanked: 352 times | Joined on Apr 2015 @ Poland
#3
 

The Following 4 Users Say Thank You to mp107 For This Useful Post:
coderus's Avatar
Posts: 6,045 | Thanked: 11,161 times | Joined on Nov 2011 @ Open Mobile Platform, Innopolis, Russia
#4
wtf, where are exploits? i want to root my phone
__________________
Twitter | Openrepos | GitHub | PayPal.Me
 

The Following 4 Users Say Thank You to coderus For This Useful Post:
Dave999's Avatar
Posts: 6,476 | Thanked: 7,482 times | Joined on Oct 2009 @ Moon! It's not the East or the West side... it's the Dark Side
#5
What's is most secure: jPhones, iPhones or a random androids.
__________________
Do something for the climate today! Anything!

I don't trust poeple without a Nokia n900...I'm also supporting Apple 2016 or until Jolla fully refund or ship the jPad to all backers and supports!

"waited over a year for no tablet – and then the same again for potential refund? inspires confidence!"
 
Moderator | Posts: 5,319 | Thanked: 4,455 times | Joined on Oct 2009
#6
Had some complaints....

Keep it on-topic Dan, be respectful of the intent/focus of peoples threads.
Consider this your first & last non-infraction warning...

Not following this thread & most others, so rely on PMs or Post Reports of folks that play up.

Thank-you.
 

The Following 10 Users Say Thank You to jalyst For This Useful Post:
Dave999's Avatar
Posts: 6,476 | Thanked: 7,482 times | Joined on Oct 2009 @ Moon! It's not the East or the West side... it's the Dark Side
#7
Instead of complaints. Can you bring anything good. When can we exclect Jolla to work this issue out with 3rd parties?

Or any link to patch.

https://www.checkpoint.com/downloads...rch-report.pdf
__________________
Do something for the climate today! Anything!

I don't trust poeple without a Nokia n900...I'm also supporting Apple 2016 or until Jolla fully refund or ship the jPad to all backers and supports!

"waited over a year for no tablet – and then the same again for potential refund? inspires confidence!"

Last edited by Dave999; 2016-08-08 at 20:41.
 
pichlo's Avatar
Community Council | Posts: 4,757 | Thanked: 14,114 times | Joined on Sep 2012 @ UK
#8
Dave, "exclect"?

Pardon the silly question, but what's all the fuss anyway? If I understand it correctly, all that QuadRooter can do is obtain a root access. Sure, it means it can alter or remove some of the preinstalled bloatware that you cannot remove by standard means but isn't it about it? All the sensitive stuff (your address book, photos, videos, other personal data, network access (that could cost you money if used maliciously)) is in the userland and you grant apps access to those willingly. At least on Android. On Sailfish, there is no such protection at all to start with.
__________________
In particle accelerators atoms are indeed not only touching each others. But banging together in a massive explosive orgasm.
-- nieldk in a TMO post
 

The Following 7 Users Say Thank You to pichlo For This Useful Post:
Posts: 84 | Thanked: 113 times | Joined on Feb 2014
#9
QuadRooter it's about Qualcomm drivers (blobs) that are used by SailfishOS and Android at the same time.
My understanding is that a malicious user may gain root access at your SailfishOS as well. Or I'm wrong ?
 

The Following 5 Users Say Thank You to tvicol For This Useful Post:
Community Council | Posts: 3,992 | Thanked: 9,459 times | Joined on May 2012 @ Southerrn Finland
#10
The vulnerabilities seem pretty clear from the Checkpoint report, however this is also partly scareware; their business just is more or less bullying people into buying their intrusion deterring solution.

On a more-or-less standard Android device this attack might be rolled into a generic package that can take control of the device and either used to leak data or use it as a part of a botnet. However, if a poisoned application is run in Alien Dalvik on a SFOS device I believe it might have a hard time operating correctly since the Android layer is not similar to what is used in native Android devices.
It would probably (but I cannot be 100% sure of course) need to have a specially tailored version to be effective against SFOS devices. However, if such tailored attack is created, then it could also affect the native part of the system and not only the AD part of the system.

TLDR; probably you are safe in any case. If you do not install Alien Dalvik at all, you certainly are safe.
 

The Following 4 Users Say Thank You to juiceme For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 05:04.