Qualcomm isn’t a name you hear often outside of football stadiums, but the chipmaker is responsible for an enormous number of smartphone chips. If you own an Android phone, there’s a good chance Qualcomm has made something it runs on. And that may mean millions of phones are vulnerable to a newly discovered set of vulnerabilities. But while the “one billion phones at risk” statement makes for a great headline, it’s not quite true and obscures the real problem.
Called “QuadRooter” by the company that uncovered it, the problem lies in the firmware of Android devices using Qualcomm chips. “Firmware,” as the name implies, is the layer between hardware and software. Its code is permanently embedded in chips that help them communicate with other parts of the phone and operate efficiently. And it turns out Qualcomm’s firmware has several loopholes an industrious hacker could take advantage of, tied to several key functions of the phone.
So, panic, right? Not so much. The good news is that you’d need to download an unauthorized app for this to happen, and you have to know exactly what to do for that to happen in the first place. Unless you’ve configured your phone to download apps from outside Google’s official Play store, there’s almost no chance you’ve been exposed to QuadRooter. Furthermore, CheckPoint, the company that found the vulnerability, first let Google know about the problem in April before informing the public in August. Google has almost certainly been scanning any apps in the Play Store for it, so it’s very unlikely you’re at risk. For now, anyway.
The fundamental problem with QuadRooter is that it’s not easy to fix firmware on your phone. Even with monthly security patches, rewriting firmware is a complex process. This is, quite literally, changing the way your phone talks to its various components, and one mistake in the firmware might make your phone little more than an expensive chunk of minerals and glass.
For many, the “fix” will be buying a new phone when Qualcomm debuts new chips. So, while you may not be vulnerable at the moment, you are still at risk. If you’re concerned, delete your credit cards from your smartphone, if possible, and limit your use of apps that require data like your financial info or your Social Security number. You’re not at risk for now, but better safe than sorry.
(Via Android Central)