Android bug ‘could allow hackers complete access to 900 million phones’
All versions of Android devices are vulnerable and there is no fix until next month
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Almost one billion Android devices are affected by a serious security flaw which can give attackers access to all data and hardware, including the camera.
The vulnerability, dubbed ‘Quadrooter’ was flagged by researchers from Check Point, an international cyber security company.
It affects all devices which use a Qualcomm chip – thought to be in around 900 million phones and tablets.
Michael Shaulov, head of mobility product management at Check Point, told tech news website ZDNet two weeks ago of his frustration.
He said: “No-one at this point has a device that's fully secure. That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google."
An attacker would have to dupe a victim into installing a malicious app on the phone, by sending them a link to download, for example.
The app would not require special permissions, allowing a hacker 'root' access.
That means they could see all data and use the camera and microphone.
Qualcomm says it has issued a patch which Google will release next month in its monthly fixes update.
Nexus devices will get it first with other manufacturers expected to follow suit a few days later.
The list of popular affected devices includes but it not limited to, BlackBerry Priv and Dtek50, Google Nexus 5X, Nexus 6, Nexus 6P, LG G4, LG G5, LG V10, Sony Xperia Z Ultram, HTC One, HTC M9, HTC 10, Blackphone 1 and Blackphone 2.
Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola, and Samsung were all sent letters by America's Federal Communications Commission and the Federal Trade Commission earlier this month as part of an investigation into how and when they create fixes.
The agencies do not believe patches are created quickly enough, leaving smartphone users vulnerable, ZDNet reports.
A Qualcomm spokesperson said: "Providing technologies that support robust security and privacy is a priority for us.
"We were notified by the researcher about these vulnerabilities between February and April of this year, and made patches available for all four vulnerabilities to customers, partners, and the open source community between April and July.
"We continue to work proactively both internally as well as with security researchers to identify and address potential security vulnerabilities."
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments