Solved: Qualcomm Vulnerabilities

Anonymous · ‎08-08-2016

Can we expect patches soon to protect us against QuadRooter?

For those that have not heard, QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Some of the devices at risk include, Google Nexus 5X, Nexus 6, Nexus 6P, HTC One, M9, 10, LG G4, LG G5, LG V10, Samsung Galaxy S7, S7 Edge, and Sony Xperia Z Ultra. But this is not a complete list.

An attacker can exploit the vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.

There is a QuadRooter Scanner, thanks to Check Point, in Google Play that people can download and check their phones with.

But until 02/Google/Qualcomm supply us all patches, we are at serious risk, especially now these issue have been made public.

Chris_K · ‎15-08-2016

Hi guys,

We've posted an update about this here:

- http://community.o2.co.uk/t5/Android-Devices-Samsung-HTC-Sony/Android-bug-concern/m-p/990869#M57799

iPhone 15 Megathread // Don't fall for scams // How to get Volt benefits
Contact us on Social Media: Facebook // Twitter // Instagram

MI5 · ‎08-08-2016

Discussion here http://community.o2.co.uk/t5/Android-Devices-Samsung-HTC-Sony/Android-bug-concern/td-p/989471
You'll see @Martin-O2 is checking.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)

Anonymous · ‎08-08-2016

Would be nice if it was them informing us, and not us chasing them.

MI5 · ‎08-08-2016

I've never known it any different....
No need to panic though. Don't install any apps other than from Play and follow the usual spam safety rules and you should be fine. All software is full of bugs and vulnerabilities - we never hear of 90% of them....

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)

Anonymous · ‎08-08-2016

I think the advice would be more like, do not install any more apps at all, until this is patched. Including from Play! This vulnerability is a tad more serious than the usual ones that are floating about.

MI5 · ‎08-08-2016

They always say this one is worse than the last but you must do whatever you are comfortable with.
What phone do you have anyway and is it on O2 or OE generic firmware?

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)

Anonymous · ‎08-08-2016

I am going by what the vulnerabilities are, I can see just how serious they are. Not from any media report scaremongering. An app would need no special permissions in Android to be able to do what it wanted, because of them. That is pretty much as serious as it gets.

Anonymous · ‎08-08-2016

Patches to some of the Vulnerabilities were release in Google's July 2016 update which I believe has been pushed out by O2 already. (on my Nexus 5x)

https://source.android.com/security/bulletin/2016-07-01.html

Some more are due to be patched by Google's August 2016 update which has been release to providers & should be available from O2 soon.

https://source.android.com/security/bulletin/2016-08-01.html

And from what I can see there remains only one more vulnerability that Google hasn't release a fix for yet which probably will not be available until early September.

Users can check if their phones are vulnerable using Check Point's free Quadrooter Scanner app from the Google Play store.

Anonymous · ‎09-08-2016

As far as I am aware that stuff you have linked to really only applies to Google's own Nexus devices. And probably not if they run via O2 Android, unless they have been rooted.

As far as I am aware, the patches were first made by Qualcomm, then passed on. The problem is that now we all wait for the mobile manufacturers and airtime providers to make their own tweaks and pass it on to us. Unless running rooted device!

MI5 · ‎09-08-2016

Unbranded handsets should get the updates in the monthly security releases as far as o2 is concerned, Martin is checking.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)