Trustlook Inc., an innovator in next-generation mobile device security solutions, is taking steps to combat QuadRooter, the widespread vulnerability affecting millions of Android devices. First detailed by security researchers at Check Point at DEFCON 24 in August 2016, QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. In total, Check Point estimates that 900 million Android smartphones and tablets could be affected.
If any one of the four vulnerabilities is exploited, third party apps could gain special system privileges, or access to a user’s SMS database or phone history, without a user’s knowledge. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.
To determine if a user device is vulnerable to this threat, Trustlook released a free Qualcomm QuadRooter Scanner application (available on Google Play) that enables Android phone owners to check for themselves. If the device is exposed, a user may be able to download a software update from the device manufacturer that contains a security patch.
“Most troubling about the QuadRooter vulnerabilities is that for many Android devices, especially the older models, there may be no immediate security patch available,” said Allan Zhang, CEO and Co-Founder of Trustlook.
Therein lies a significant issue with security on the Android platform. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data. It is such a large problem that the Federal Trade Commission (FTC) and Federal Communication Commission (FCC) have recently sent letters to major players in the smartphone industry expressing their concern over how quickly updates are being issued after a vulnerability is reported.
Trustlook is working on providing detection against any additional Qualcomm vulnerabilities that may occur. Any user with a Qualcomm powered mobile device or tablet is encouraged to continually monitor their device. “Users should run a quick scan of their phones and contact their phone manufacturer for security patches if they are affected,” said Zhang.
For more information on Trustlook and its products, please visit http://www.trustlook.com.
Trustlook (www.trustlook.com) is a global leader in next-generation mobile device security with solutions that find more vulnerabilities sooner than any other to provide the industry’s smallest vulnerability window. The innovative Trustlook Mobile Security-as-a-Service (MSaaS) cloud platform and Sentinel on-device platform deliver the performance and scalability needed to provide total threat protection against viruses, spyware, phishing, ID theft, data loss, snooping and other forms of attack. Trustlook’s solutions protect users from both known and zero-day threats by examining over 20,000 new and updated applications every day for malware and malicious behavior. Founded in 2013, the company is headquartered in San Jose and managed by leading security experts from Palo Alto Networks, FireEye, Google and Yahoo.