Lots of us are afraid of bugs – but while the fear of creepy crawlies is mostly irrational (remind me of that next time I’m up at one in the morning chasing a rogue spider around my bedroom please), the fear of cyber security ‘bugs’ is totally legitimate. A new security flaw in Android phones could give attackers access to tens of millions of devices – if you’re an Android user reading this and feeling your skin crawl, here’s how you can protect yourself!
The team down at mobile threat researcher Check Point has discovered a security flaw in Qualcomm processors which could be pretty serious; especially as those processors are used in millions of Android phones.
It was found in the software that deals in graphics and code which controls communication between different processes running inside a phone and, if an attacker got their hands on it, could let them gradually take control of a device and gain access to its data.
At the moment it doesn’t sound like there have been any instances of the bug being exploited ‘in the wild’ by attackers but Michael Shaulov, head of mobility product management at Check Point reckons it won’t be long now before it is.
Good news is, Check Point alerted Qualcomm earlier this year who got on it quickly and created patches for the vulnerability, distributing them to phone makers and operators. Less good news, there’s no confirmation of how many of these have actually issued the update to users.
So, picking up the slack once again, Check Point has sorted users with a free app called QuadRooter Scanner that lets them check if their phone is vulnerable by seeing if the patch has been downloaded.
As ever, it’s important to make sure you’re okaying updates on devices, as they will often contain patches such as this, and make sure that if you ever download anything it’s from a legit store like Google Play (or Apple Store if you’re on Team Apple).
It also highlights the need for manufacturers to stay on top of updates and push out patches regularly, especially in the older models.
If you’re still concerned, check in with your operator or manufacturer and double check. “People should call whoever sold them their phone, their operator or the manufacturer, and beg them for the patches,” said Shaulov.
Take a look at our security page for more information on the solutions we offer to protect your data.