Latest Androids have 'god mode' hack hole, thanks to Qualcomm

Four Qualcomm vulnerabilities grant malware writers total access to modern Android smartphones. Yes, yes, nine hundred meellion "potential" users, if you're counting. Attackers can write malicious apps that, when installed, exploit the software flaws to gain extra privileges on Android Marshmallow and earlier versions of …

  1. gollux
    WTF?

    Totally flaming awesome!!!

    It's a grand world where amazing things happen. Please keep the wondrous software and firmware coming into our lives for the beauty they bring!

  2. Anonymous Coward

    "Do you feel lucky, Punk?"

    So you have figured out I am concerned about security - and you want me to install an APP with just a handful of installs??? What sort of person do you think I am? Sheez...

    1. Bloodbeastterror

      Re: "Do you feel lucky, Punk?"

      My thought exactly... :-)

    2. FrogsAndChips Silver badge
      FAIL

      Re: "Do you feel lucky, Punk?"

      Same thing here.

      For 2 seconds I looked for the field where I could input my mobile's model and check if it was vulnerable, before I realized I was on the PlayStore page (yes, I should have known before I clicked, but I expected better from El Reg).

      Can't be bothered to install an app for the sole purpose of checking if I'm vulnerable to 1 specific exploit, so thanks, but no thanks.

  3. hypernovasoftware

    Android - the real Windows mobile OS.

    1. Planty Bronze badge
      FAIL

      Not really. Never ever actually seen an exploited Android device in the wild, despite Stagefright, despite this and all the other scare stories.

      Not a day goes by where I don't see a malware infested Windows device.

      Those two are literally worlds apart. Anyone that claims different is either an idiot, or has an agenda.

      1. Anonymous Coward

        Windows didn't suffer any mass attack until years after they were possible, despite all kinds of warnings about how big of a problem they could be. It took the example of multiple such attacks spreading like wildfire to get Microsoft to start taking security seriously. And it wasn't until Windows 7 that the extra attention started having any real effect (not that 7 is 100% secure, but it is significantly better than XP even XPSP3 ever was)

        The day is coming where there will be a mass Android attack - which will probably spread itself by sending MMS to your contacts who will send it theirs, and so on. Sure maybe in two years 50% of Android devices won't be vulnerable to the MMS exploits (unless new ones are found, which isn't unlikely) but that would still mean hundreds of millions of devices could be compromised in a day.

        It's just a question of whether someone will do it for the notoriety, or if they will have a revenue model in mind (clickjacking, stealing bank info or whatever).

  4. Neil 44
    Childcatcher

    Nexus OK?

    "Owners of pure Android Nexus handsets are already patched, provided they accepted the over the air updates..."

    No they aren't! Both my Nexus 5X and 7s report 2 vulnerabilities despite being patched to July 16 level...

    Maybe August's goodies will really provide the fixes...

    1. Payne

      Re: Nexus OK?

      In addition to that my Nexus 5X running Android 7.0 beta with 5 July 2016 patch level also shows up as vulnerable to CVE-2016-5340. Well, isn't that wonderful.

      1. Anonymous Coward

        Re: Nexus OK?

        Google stated that Nexus fixes for the last of the vulns (after 5th August updates) will be released in early September. The delay is because the patch for this was not released until too late for the August batch.

        1. Anonymous Coward

          Re: Nexus OK?

          And why can't they do an Out-Of-Band update given the potential of the exploit, especially if they combine this with a silent install exploit?

        2. bazza Silver badge

          Re: Nexus OK?

          Looks like people at BlackBerry have had a busy weekend - they're now rolling out August 5th patches to their Priv Android phone, or at least the factory unlocked SIM free ones.

          Fairly smart work. Apart from Nexus and with BlackBerry being hot on Google's heels, who else is keeping their products that up to date?

          1. Nelbert Noggins

            Re: Nexus OK?

            Just the CVE-2016-5340 remaining as outstanding on the Priv.

            Whether BlackBerry will push it early or leave it until next month's round-up we shall see.

          2. Anonymous Coward

            Re: Nexus OK?

            "...who else is keeping their products that up to date?"

            CyanogenMod, that's who.

    2. RFC822

      Re: Nexus OK?

      My Nexus 6 is running MOB30W (dated 5 August) and the Checkpoint app says that I'm affected by all 3 vulnerabilities...

    3. Neil 44

      Re: Nexus OK?

      With the 5th August patch MOB30X, Nexus 7 is down to one (CVE-2016-5340).

  5. Paul Hayes 1

    My Nexus 6 still shows as vulnerable to two of them. It is patched up to 5th July 2016 as well. There should be a monthly update pushed out any day now so I'd expect this will fix them.

    1. Charles 9

      Last I heard, it won't make the August patch cycle because it was submitted too late. Meaning September at the earliest.

  6. PabloPablovski

    My middle-aged Galaxy S3 is frustratingly not vulnerable to these vulns, even though it was last patched in the mid 90s (I think it was).

    Very disappointed - I was looking for a spurious excuse to upgrade. Can't these feckers do anything right?

    1. Shades
      Trollface

      "even though it was last patched in the mid 90s (I think it was)"

      As the S3 was only released in 2012 you're not even close! ;)

      1. PabloPablovski
        Facepalm

        I distinctly remember playing this (https://www.youtube.com/watch?v=ilKcXIFi-Rc) when the last update was downloading. 1995, QED (never mind that Android 1.0 was only released in 2008.)

        Whoosh?

  7. CmdrX3

    What else can one say...

    ...oooops!!!

  8. chasil

    Towelroot refresh?

    It would be wonderful if a user-focused .APK was released that installed SuperSU on vulnerable phones using this exploit, as Towelroot did.

    Even better if it managed to get S-OFF, and we could use it to definitively clear this vendor brain damage.

    Perhaps Sunshine will be getting an update soon.

    1. Charles 9

      Re: Towelroot refresh?

      No, because thanks to SafetyNet, more apps are becoming root-aware. Rooting now has more risks than before, as apps you used before could balk.

      1. Anonymous Coward

        Re: Towelroot refresh?

        Irrelevant.

        There are ways to hide the root status from individual apps - I've used one with flawless success. Get xposed and you won't regret it!

        1. Charles 9

          Re: Towelroot refresh?

          "There are ways to hide the root status from individual apps - I've used one with flawless success. Get xposed and you won't regret it!"

          How when SafetyNet checks itself with an encrypted connection back to Google AND can upgrade itself through that same connection? We don't know Google's private key. SafetyNet can even detect /system-less root now.

      2. chasil

        Re: Towelroot refresh?

        What app would I ever want to run that insisted that I relinquish control of my phone?

        NONE!

        What sane app would *insist* that we run a flawed /system/lib/libstagefright.so that would allow a system to be cracked like an egg?

        What SHOULD happen is banking and finance apps that refuse to run on vulnerable systems. When Citibank and Wells Fargo start blocking Android 4.4 KitKat and lower, Google and the OEMs will probably find a way to get patches out.

  9. muttley
    Happy

    Huawei/Kirin for the win

    For now, at least :)

  10. Anonymous Coward

    Hmm, Android might have security flaws, but I don't seem to remember anyone ever making a Web page that could root an android device with one swipe.

  11. Isitari

    My Note Edge has 3 vulns but hopefully it'll get patched fairly quickly as Samsung have been doing well patching everything with monthly updates, also as I'm using an unlocked phone no need to wait for the mobile networks to okay the patches!

  12. Montreal Sean

    Balls.

    My ZTE Z850 and Moto G LTE are vulnerable to all 4.

    Fat chance they'll get patched.

  13. Bucky 2
    Big Brother

    Risk categories

    As I see it, there are two primary risk categories.

    1) Jailbroken phones, the owners of which install stuff from everywhere.

    2) Non-jailbroken phones, the owners of which only install from the Play store.

    Naturally, all vulnerabilities affect category #1. But I'm frequently unclear on whether category #2 people should shit their pants with worry on a daily basis until their phone is patched, or whether they should just ignore such reports as irrelevant.

    1. Kevin McMurtrie Silver badge

      Re: Risk categories

      "Jailbroken" isn't all bad. A scan of Cyanogenmod 13 shows only one vulnerability and the fix is in tonight's build.

    2. Anonymous Coward

      Re: Risk categories

      Jailbroken refers to Apple only. Android has no such walled garden.

      Perhaps you're thinking of bootloader unlocking or rooting.

  14. Anonymous Coward

    Well fucking brilliant.

    Just spaffed £300 on a NEW Sammy S2 tablet with the NEW QUALCOMM processors to find it is vulnerable to a NEW exploit.

    Dear Sammy and QUALCOMM.

    That's a load of fail right there ffs...

  15. Anonymous C0ward

    M9 with latest SlimRoms

    I have 2 vulns.

  16. Jonathan 27

    Moto X Play, up to date

    I have Marshmallow and all the current updates for the Moto X Play, all 4 vulnerabilities. I don't think I would have bought this phone if I had known Moto was switching to a Samsung-like update policy.

    Oh, and my Pixel C is immune, of course.

  17. Bakana

    What about ...

    Personally, my biggest complaint is all the "Crap Apps" that Android has Baked In from the "Factory" by Google.

    As far as I can tell, no matter what I do, there are a whole Bunch of "Services" that I neither Want nor Need nor Use but which will keep right on sucking up my battery power, no matter What I do.

    I've tried disabling stuff. The list is so long that it would take me a Week. Then there are all the ones that Can't be disabled because the Phone somehow Needs them to function as a Phone.

    And, to cap the futility, Android keeps automagically downloading Updates that turn everything back on just a couple days after I turn them all OFF.

    1. Anonymous Coward

      Re: What about ...

      Root

      Greenify

      Amplify

      Powernap

      Thank me for your two day battery life.

      1. Anonymous Coward

        Re: What about ...

        SafetyNet

        dm-verity enforcing

        Thanks for breaking my system and apps, as custom ROMs and apps don't know Google's signing key.

  18. Hans 1
    Linux

    no nexus or BlackBerry ? mod it

    Open source and you get the fixes fast, look at cyanogenmod ... this is especially true if you have a Sony that is older than 18 months or a noname...

    Cyanogenmod even beat BlackBerry !!!!

    1. Anonymous Coward

      Re: no nexus or BlackBerry ? mod it

      My not-that-old flagship still gets nightlies, but I won't be holding my breath for CM 13/Marshmallow. There are other ROMs (mostly Lollipop-based, or flaky Marshmallow builds) but the logic of which phones stay interesting to devs enough to support eludes me.

  19. Joe 35

    ...... and Blackphone 1 and 2.

    ..... oh the irony.

  20. Michael Habel

    Samsung Tab Pro 8.4 (SM-T325)

    Running CyanogenMod 13, with August 5th Security Update(s). Affected by Two 'ploits.

    CVE-2016-2059, and CVE-2016-2504 I guess I'll try reporting these in the Tab Pro Board(s), over at XDA-Developer's where the ROM Maintainers might take some notice.

  21. Anonymous Coward
    Trollface

    I know who to blame!

    How did MSFT do this evil?

  22. Lyndon Hills 1

    Square mobile security hacker Dino Dai Zovi

    Seems a bit unkind, or is he really that shape?

  23. Bob Dole (tm)
    Boffin

    Professional DJ in the house!

    "The ecosystem is such that it makes exploitation more difficult because it needs to be designed for [each device]," Dai Zovi said at the time. "[Android] security features like verify apps, and Google Play store application checks makes it a much safer system."

    Spin it baby. Spin it.

  24. EasyGingeR

    Can you please tell me how to install it on my S20 fe? Complete novice at Android.
