900 million Android phones could be at risk from massive security flaw

Huge security flaws have been found in software used by Android phones.

The issue could give attackers complete access to your phone’s data according to the BBC. Checkpoint researchers uncovered a bug in software on chipsets made by Qualcomm. This software is found in about 900 million Android phones. Don't panic just yet, because there is no evidence of the vulnerabilities currently being used in attacks by hackers. "I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head of mobility product management at Checkpoint.   If exploited, the vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also give an attacker with capabilities access to areas like keylogging, GPS tracking, and recording video and audio. The devices that are known to have been infected include:

• BlackBerry Priv and Dtek50
• Blackphone 1 and Blackphone 2
• Google Nexus 5X, Nexus 6 and Nexus 6P
• HTC One, HTC M9 and HTC 10
• LG G4, LG G5, and LG V10
• New Moto X by Motorola
• OnePlus One, OnePlus 2 and OnePlus 3
• US versions of the Samsung Galaxy S7 and Samsung S7 Edge
• Sony Xperia Z Ultra

Checkpoint gave information about the bugs to Qualcomm earlier this year. And as a result, Qualcomm is believed to have created patches for the bugs and have started using the fixed versions in its factories. It also distributed these patches to phone makers and operators. But it is difficult to tell if those companies have issued these as updates to customer’s phones. If you happen to own an Android device and are worried you have been affected, Checkpoint has created a free app called QuadRooter Scanner, which can be used to check if your device is vulnerable to the bugs. It does this by searching to see if the patches for them have been downloaded and installed.