Check Point uncovers some serious holes that could impact your device. They have put out a free app to check if your security is up to snuff
A new report issued by Check Point’s Mobile Security team over the weekend at Def Con 2016 in Las Vegas has highlighted a series of potentially destructive vulnerabilities that they are calling the Quadrooter, and could affect up to 900 million Android devices.
Speaking with Check Point’s VP of Enterprise Mobility Ohad Bobrov, he tells Geektime that flaws in the software drivers belonging to the ubiquitous Qualcomm chipset that is used throughout the industry have opened Android users up to attacks wherein a hacker can gain root access to the devices, achieving privileges that can cause serious harm to the users, all without having to ask for any permissions from the user.
In their report, they outline four vulnerabilities in three different drivers; the IPC Router (responsible for inter-process communication), the Ashmem (Android kernel anonymous shared memory feature, the kgsl (kernel graphics support layer), and the kgsl_sync (kernel graphics support layer sync) modules. According to the team, if an attacker were to compromise any one of these modules, they could easily impact the rest of the OS.
Bobrov describes how they uncovered these vulnerabilities, telling Geektime that, “At the start of our research, we are investigating very deeply the different mobile operating systems. It enabled us to find different vulnerabilities in these platforms because if you want to really be able to protect against sophisticated attacks, you must be familiar with the different risks. This is why in the past few years, we are able to find multiple vulnerabilities in both iOS and Android platforms.”
Asked how they arrived at the massive 900 million number of devices that could be impacted by these vulnerabilities, Bobrov says that, “It for sure affected all the latest models of Blackberry, Samsung, Nexus, LG, and more. We then estimated how many mobile devices are out there with the Qualcomm chipset.”
While the discovery of these vulnerabilities are nothing new, with holes in security being one of the constants in technology, Bobrov’s team highlights the fact that the process of issuing security patches to deal with problems is incredibly slow and essentially ineffective.
“We reported these vulnerabilities about three months ago, and Qualcomm started issuing patches,” he says, “But these patches need to go from Qualcomm to Google, and then to the different device manufacturers. In many cases the carriers also have their own version of the operating system, meaning that each security patch needs to go several phases before it reaches the device.”
“This process can take between months to years, and in many cases, most of the devices will never be patched.”
“There are manufacturers that are more aware of security concerns and are issuing security patches more frequently and to all their devices. But there are others that aren’t,” he tells Geektime, adding that, “Google has plans to address this problem by being able to deploy security patches to more devices, but so far this hasn’t been successful because there are compatibility issues and the Android market is too fragmented.”
Part of the problem is that most device owners are not aware of their protection status, and are unlikely to know if they are up to date. Looking to bring greater visibility, Check Point has put out a free app that users can download from the Google Play store that will let them know if they have the latest security patch available.
Recommendations for improving security
While vulnerabilities will always be a constant, Bobrov says that both the industry and consumers can take certain steps to shrink these gaps.
He says that the industry should rely more on the standard Android OS that is put out by Google, as opposed creating their own version, which will reduce the fragmentation and ease the process of getting security patches out quickly to users.
For enterprises, he suggests that they can use Check Point Enterprise Mobile Threat Prevention to secure their devices, noting that Check Point customers are already protected against this vulnerability.
On the consumer level, he warns against jailbreaking or rooting devices, as well as downloading apps only from the official Google Play store. He says that there can be “semi-legitimate reasons” to jailbreak a device, citing how recently many users did it to download Pokemon Go in countries where it had not yet been released, but adds that it opens users up to attacks with malicious trojans.
Another issue that arose in speaking with Bobrov was the problem of how the latest OS updates are dependent on users having the late model devices. For many consumers, both on Android and iOS, buying a new phone every two years feels excessive and opt to stay with their older devices. For those users, he says that they can either install a security solution, like some kind of anti-virus, and they should be more careful than other users.