Android Ping!
Posted on 08/11/2016 2:30:21 AM PDT by Swordmaker
The “Quadrooter” vulnerabilities in Qualcomm-based Android phones might grant total control over target devices, but Google reckons attacks should hardly ever reach users.
The Chocolate Factory reckons the Verify Apps feature in its Play Store was already blocking apps that tried to take advantage of Quadrooter.
Only a reckless user would be compromised in the first place, since you'd have to download a compromised app from a non-Google source – and that's where Verify Apps comes in.
Google pointed out to Android Central that the four-year-old feature, along with its SafetyNet, was designed to protect users from non-Play Store malice.
Instead of a “this file may harm you”, Verify Apps should completely block an app trying to exploit Quadrooter, Google says – and since that feature protects everything from Android 4.2 onwards, by Google's Android population data, more than 90 per cent of devices out there are protected.
When Checkpoint first announced Quadrooter, Square's Dino Dai Zovi said Verify Apps would probably protect users against the attack.
Only one of the vulnerabilities, CVE-2016-5340, remains unpatched in current Androids (if you're lucky enough to get prompt updates): “The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.”
Google says it will have that one patched soon.
Sponsored: Global DDoS threat landscape report
Pinging for Google’s comments on Quadrooter.
Well, if they’re telling the truth that’s that.
This article is written in a parallel language.
Android with a huge security hole, Microsoft accidently leaking the master key, but people still whine that apple keeps too tight control of their eco system. Heh.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.