QuadRooter Vulnerability Hits Android & Sony Comments

Sony_Mobile_Android_QuadRooter

Android and security (or lack thereof) is like Windows and viruses – the two just go hand in hand. But 2016, particularly the past few months have been especially brutal:

Now to that list, we can add the QuadRooter vulnerability which affects 900 million Android devices. Brian Barrett writing for Wired:

 As security research firm Check Point detailed this week, the vulnerability in question is actually a set of four issues, collectively called QuadRooter, and affects Qualcomm chipsets from manufacturers ranging from HTC to LG to OnePlus to Google, which contracts with other makers for its own Nexus devices. It’s serious; compromised devices would give bad actors root access, meaning they could collect any data stored on the phone, control the camera and microphone, and track its GPS location. It’s like giving someone the keys to your house, then holding the door open for them while they make off with the jewels. 

Unlike previous security threats where Sony’s been mostly silent, the company has released a statement on the matter at hand.

 Sony Mobile takes the security and privacy of customer data very seriously. We are aware of the ‘Quadrooter’ vulnerability and are working to make the security patches available within normal and regular software maintenance, both directly to open-market devices and via our carrier partners, so timings can vary by region and/or operator. Consumers are recommended to continuously upgrade their phone software in order to optimize performance of their Xperia™ smartphone. Users can take steps to protect themselves by only downloading trusted applications from reputable application stores. 

But as Barrett writes, the issue isn’t as simple as an update:

 The nature of QuadRooter exacerbates these issues, because it impacts Qualcomm drivers, which are installed not by Google but by individual manufacturers. Those manufacturers also generally produce several models of each smartphone they ship, tailoring them to carriers, who often install custom software of their own before the devices get to the consumer.

That’s why, even though Qualcomm released patches for all four vulnerabilities between April and July, the fixes are still slow to reach actual devices. Even Google’s Nexus devices, which are typically at the vanguard of security, have only addressed three of the four issues. The last will be included as part of a broader security update in the coming months. 

You know what Sony is known for? Timely updates – give or take a year.

Discuss:

Do Android vulnerabilities like QuadRooter concern you?