Qaulcomm Bug Can Auto-Root 900Million Devices

akhenax · Aug 9, 2016

xeene said:
An attacker would have to trick a user into installing a malicious app, which unlike some malware wouldn’t require any special permissions.

The bad news, then, is that once the app is installed, it can gain full root access to the device without requesting permissions from the owner, but you’re not at risk if you stick to known apps installed directly from Google Play.

I've never seen an app get full root permissions on the phone without me explicitly giving it. How does that happen, maybe in recovery?

johnomaz · Aug 9, 2016

Galaxy S7 Edge

Narsil · Aug 9, 2016

If you're concerned about apps accessing data you don't want them to (even ones that "require" it to function) check the XPrivacy module for Xposed. It spoofs your apps into using blank data files so that your actual information is protected if you want it to be but used only by the apps you allow. It's pretty amazing to me what it does. I can now use apps that I wouldn't ordinarily use because I was unwilling to give a game access to my text messages and contacts. Now, the game is happily data-mining blank files and I'm happily playing.

I wonder if XPrivacy would do the same to a malicious rooting app? Of course, you have to already BE rooted to use XPrivacy.

FoxKat · Aug 9, 2016

sajokaz said:
Any idea which "New Moto X"? Not that I am concerned one bit, just curious since I have a few newer Moto X's.

Sent from my XT1585 using Tapatalk

I would surmise the word "New" to mean specifically the second generation Moto X given the exploit is for a specific generation of Qualcomm processor class.

Sent from my XT1585 using Tapatalk

FoxKat · Aug 9, 2016

What's most impressive to me is that the Blackphones are part of the affected group. This just goes to show you that the more complicated these devices become the harder it is to secure them and the more likely that unknown bugs can result in exploits.

Sent from my XT1585 using Tapatalk

FoxKat · Aug 9, 2016

Narsil said:
If you're concerned about apps accessing data you don't want them to (even ones that "require" it to function) check the XPrivacy module for Xposed. It spoofs your apps into using blank data files so that your actual information is protected if you want it to be but used only by the apps you allow. It's pretty amazing to me what it does. I can now use apps that I wouldn't ordinarily use because I was unwilling to give a game access to my text messages and contacts. Now, the game is happily data-mining blank files and I'm happily playing.

I wonder if XPrivacy would do the same to a malicious rooting app? Of course, you have to already BE rooted to use XPrivacy.

Excellent advice for those of us who do run rooted phones. It is also just one more reason that being able to root is desirable for some. I would add this to my (very short) list of reasons though my phone, the Motorola Turbo 2 is (afaik) as of yet not rooted.

Sent from my XT1585 using Tapatalk

Sajo · Aug 9, 2016

Here's something I have been curious about. It seems like there have been quite a few supposed "major vulnerabilities" making so many headlines the past year or so (Stagefright, QuadRooter, etc.); scaring many people that may not understand the difference between vulnerable and infected. Has anyone actually heard of a phone becoming infected by one of these? Truly infected and hacked with malicious code?

Mustang02 · Aug 9, 2016

Efin · Aug 9, 2016

sajokaz said:
Here's something I have been curious about. It seems like there have been quite a few supposed "major vulnerabilities" making so many headlines the past year or so (Stagefright, QuadRooter, etc.); scaring many people that may not understand the difference between vulnerable and infected. Has anyone actually heard of a phone becoming infected by one of these? Truly infected and hacked with malicious code?

Every one of your posts is infected...

Seriously, no.

Sajo · Aug 9, 2016

Efin said:
Every one of your posts is infected...

Seriously, no.

I try to spread the joy

Sent from my XT1585 using Tapatalk

Efin · Aug 9, 2016

sajokaz said:
I try to spread the joy

Sent from my XT1585 using Tapatalk

So that's what that smells like...

liftedplane · Aug 9, 2016

sajokaz said:
I am sending you malicious files via SMS now....don't open the attachment.

Just kidding... obviously.

Sent from my XT1585 using Tapatalk

I don't wanna be left out of this party, Send me some malicious files too please.

Seriously, If you can root your phone it's vulnerable... wtf... just wtf, way to try to scare people.

Sajo · Aug 10, 2016

Here is an interesting article related to this new "threat"

No, 900 million Android devices are not at risk from the 'Quadrooter' monster
No, 900 million Android devices are not at risk from the 'Quadrooter' monster

Sent from my XT1585 using Tapatalk

Mustang02 · Aug 10, 2016

The sky is falling the sky is.....wait you mean this new 'bug' doesn't really do anything?

Efin · Aug 10, 2016

Yes, it offers apps for sale that would prevent this from maybe occurring...
Like Norton and their programmers that make viruses on the side to create a need for the virus software...

Qaulcomm Bug Can Auto-Root 900Million Devices

akhenax

Silver Member

johnomaz

Silver Member

Narsil

Silver Member

FoxKat

Premium Member

FoxKat

Premium Member

FoxKat

Premium Member

Sajo

Diamond Member

Mustang02

Diamond Member

Efin

Diamond Member

Sajo

Diamond Member

Efin

Diamond Member

liftedplane

Gold Member

Sajo

Diamond Member

Mustang02

Diamond Member

Efin

Diamond Member

Most reactions - Past 7 days

Similar threads