1. Aquila's Avatar
    Start here: QuadRooter: 5 things to know about the latest Android security scare | Android Central
    Then ignore every tech rag that doesn't treat this as utterly nonsense.

    CVE – 2016 – 2503 – Already in Google's July security patch, requires physical access to unlocked device.
    CVE – 2016 – 2504 – Already in Google's August security patch, requires physical access to rooted device
    CVE – 2016 – 2059 – Already patched by Google, requires physical access to device
    CVE – 2016 – 5340 – requires root, in pending September patch.

    Devices with processors shipped after April 2016 should not be impacted.

    Lesson, don't root your phone, turn off all the security features and then hand it to a bad person.

    900 million is the wrong number.

    Let's instead count the number of (1) active (2) snapdragon powered devices that are (3) not yet updated to Kit Kat, (4) haven't received a security update since at least June and are (5) physically in the hands of sophisticated criminals that are (6) using this set of exploits on a (7) rooted and (8) unlocked device, (9) without the owner being aware of the fact that the device is missing.

    Those are 9 pretty specific conditions. Is the real number higher than 0? Maybe. Is it higher than 100? There's no way that's possible. Generously we could grant 25 devices. 25 vs 900 million. That's a bit of an exaggeration to say 900, right?

    Oh wait, if you have unrestricted physical access to someone's device and it's unlocked and rooted ... YOU DON'T NEED AN EXPLOIT! This is pointless. All vulnerabilities that require physical access to the device (3 of the 4 here) are ignoring the fact that you already have physical access to the device and therefore wouldn't need an exploit.
    08-08-2016 02:14 PM
  2. B. Diddy's Avatar
    omg the sky is falling
    08-08-2016 05:03 PM
  3. TJA3500's Avatar
    All vulnerabilities that require physical access to the device (3 of the 4 here) are ignoring the fact that you already have physical access to the device and therefore wouldn't need an exploit.
    I think they're talking about someone else having access to your device.
    08-08-2016 05:12 PM
  4. Aquila's Avatar
    I think they're talking about someone else having access to your device.
    Yes; 3 of the 4 vulnerabilities require the attacker to have physical access to the device. And any such vulnerabilities are kind of a moot point, because the attacker actually has possession of your device... If you look at CVE – 2016 – 2503 and CVE – 2016 – 2504, both require the attacker to have you device in their possession, one requires root and one requires that the phone be unlocked, as in your PIN or Password has been bypassed. If an attacker has your phone and you've done them the favor of rooting it and letting them past your lock screen... they don't need an exploit to do anything else; they can simply do whatever they want. So the exploit is redundant.
    Laura Knotek likes this.
    08-08-2016 05:44 PM
  5. TJA3500's Avatar
    But if an attacker has taken your phone, why would you care if they install this on what used to be your phone?
    You're not getting it back I would presume.
    08-08-2016 05:51 PM
  6. Aquila's Avatar
    But if an attacker has taken your phone, why would you care if they install this on what used to be your phone?
    You're not getting it back I would presume.
    That's kind of the point; it's why criteria 5 & 9 in the OP make the FUD about this scare so much nonsense.
    B. Diddy and Laura Knotek like this.
    08-08-2016 05:53 PM
  7. mwara244's Avatar
    Does anyone Know if Avast can detect QuadRooter? Or any other security app like Lookout or whoever?

    I sideload o few apps, I usually read reviews from reddit or XDA if they seem safe enough, but don't want to update apps if it could be installed. I use apps like [redacted], Terranium TV, movie droid all with localcast/ chromecast. These apps usually cover what my streaming services like Prime, Netflix, and Uverse don't.

    I never used Kodi yet but am going to find info on it, hopefully a nood guide. Since everyone and their father seems to use it. It's the only service I haven't used shockingly since I have used everything else.
    08-09-2016 04:21 AM
  8. Aquila's Avatar
    Google confirms 'Verify Apps' can block apps using QuadRooter vulnerabilities http://www.androidcentral.com/google...ooter-exploits
    08-09-2016 08:34 AM
  9. Joeykool's Avatar
    So the app found this... Should I be concerned?

    Posted via the Android Central App
    Attached Thumbnails Let's talk about QuadRooter-17935.jpg  
    08-09-2016 10:28 PM
  10. Aquila's Avatar
    So the app found this... Should I be concerned?

    Posted via the Android Central App
    Are you rooted? Do you regularly install apps from outside the play store? Is your phone exposed to use by criminals without your knowledge?
    08-09-2016 11:08 PM
  11. Joeykool's Avatar
    No root....

    Yes I install a few apps outside the store

    I'm the only criminal using my phone.

    Posted via the Android Central App
    08-10-2016 08:52 AM
  12. Aquila's Avatar
    No root....

    Yes I install a few apps outside the store

    I'm the only criminal using my phone.

    Posted via the Android Central App
    Are you on software newer than kit Kat?
    08-10-2016 09:07 AM
  13. Joeykool's Avatar
    6.0

    Posted via the Android Central App
    08-10-2016 09:49 AM
  14. Aquila's Avatar
    6.0

    Posted via the Android Central App
    Odds of you having issues due to this are smaller than the odds of you, in a single day, waking up, getting hit by lightning while in the shower, surviving, going to the deli, buying a ticket and winning the lottery, getting the cash that afternoon, betting it all on 00 on roulette at a casino in Paris, winning and then marrying the Queen of England that night.

    That said, try to avoid downloading shady apks from shady places; that sounds like your only security hole and there are still many others that protect on that front.
    B. Diddy likes this.
    08-10-2016 10:22 AM
  15. Joeykool's Avatar
    Lol.... Thank you for your help. Much appreciated!

    Posted via the Android Central App
    Aquila likes this.
    08-10-2016 10:59 AM
  16. B. Diddy's Avatar
    in a single day, waking up, getting hit by lightning while in the shower, surviving, going to the deli, buying a ticket and winning the lottery, getting the cash that afternoon, betting it all on 00 on roulette at a casino in Paris, winning and then marrying the Queen of England that night.
    It's like you're writing my biography!

    Oh darn, my phone's hacked.
    Aquila likes this.
    08-10-2016 05:18 PM
  17. Aquila's Avatar
    Blackberry patched the fourth vulnerability today ahead of the full release of the September security update. BlackBerry Priv and DTEK50 first to be fully patched against all QuadRooter vulnerabilities | Android Central

    Of course it's interesting that BB was already immune to the fourth. The vulnerability they would be patching today is CVE - 2016 - 5340. Which requires root to be exploited. Blackberry phones can't be rooted.
    B. Diddy likes this.
    08-15-2016 03:10 PM

Similar Threads

  1. Replies: 5
    Last Post: 08-09-2016, 12:20 PM
  2. QuadRooter
    By Phosjaw in forum Ask a Question
    Replies: 2
    Last Post: 08-08-2016, 11:51 PM
  3. Replies: 0
    Last Post: 08-08-2016, 11:10 AM
  4. What do you think about this wireless charger?
    By AC Question in forum Ask a Question
    Replies: 2
    Last Post: 08-08-2016, 10:38 AM
  5. Question about the sd card that's bundled
    By atomicpower in forum Samsung Galaxy Note 7
    Replies: 1
    Last Post: 08-07-2016, 11:52 PM
LINK TO POST COPIED TO CLIPBOARD