Four newly identified vulnerabilities could affect 900 million Android devices, Check Point researchers told attendees at the DEF CON 24 security conference in Las Vegas this past weekend.
The vulnerabilities, which the researchers dubbed “QuadRooter,” affect Android devices that use Qualcomm chipsets. They exist in the chipset software drivers.
The drivers, which control communications between chipset components, are incorporated into Android builds manufacturers develop for their devices, so they’re preinstalled on devices and can be fixed only through installation of a patch from the distributor or carrier.
Exploiting any of the four vulnerabilities will let attackers trigger privilege escalations and get root access to the targeted device, Check Point said.
Attackers can exploit the vulnerabilities using a malicious app. Such an app would not require special permissions, and thus would not be easily detected.