nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Google says most users 'protected' against 'Quadrooter'

Play Store should spot exploits

By Richard Chirgwin, 10 Aug 2016

The Quadrooter vulnerabilities in Qualcomm-based Android phones can grant apps total control over devices – but Google reckons malicious code exploiting the flaws should hardly ever reach users.

The Chocolate Factory reckons the Verify Apps feature in its Play Store was already blocking apps that tried to take advantage of Quadrooter.

Only a reckless user would be compromised in the first place, since you'd have to download a compromised app from a non-Google source – and that's where Verify Apps comes in.

Google pointed out to Android Central that the four-year-old feature, along with its SafetyNet, was designed to protect users from non-Play Store malice.

Instead of a “this file may harm you”, Verify Apps should completely block an app trying to exploit Quadrooter, Google says – and since that feature protects everything from Android 4.2 onwards, by Google's Android population data, more than 90 per cent of devices out there are protected.

Only one of the vulnerabilities, CVE-2016-5340, remains unpatched in current Androids (if you're lucky enough to get prompt updates). According to US-CERT/NIST: “The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.”

Google says it will have that one patched soon. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing