Tuesday, August 9, 2016

QuadRooter – what you should know about the loud and dangerous gap on … – Gazeta.pl

The first reports of the threat posed by the QuadRooter vulnerabilities appeared on technology websites on Monday morning, as a result of yesterday's Check Point blog post and the presentation of their use at DefCon in Las Vegas, a conference devoted to security. According to Check Point's estimates, as many as 900 million Android devices based on Qualcomm chipsets may be at risk. It was this gigantic number that made the internet run red-hot.



What could go wrong, and how to avoid the problem?

The Check Point report describes four vulnerabilities, for three of which the appropriate updates have already been sent out. The last one will be patched only in Google's next monthly update cycle. What is the most pessimistic scenario for its exploitation?

The user is persuaded to install an application delivered as a file with the APK extension, which does not request any additional permissions (and so raises no suspicion). Once the file is installed, the cybercriminal can gain remote control of the smartphone.

It is worth remembering that by default Android blocks the installation of apps from unknown sources (that is, from outside the Google Play store). As long as we do not change this setting, we remain further from danger. Naturally, the next step is the principle of trust well known from the world of motoring: we do not agree to install any software from an unknown source.



Who is to blame

The entire cause of the problem lies on Qualcomm's side, not Google's, as one might originally have thought. During production, additional drivers are installed for the chipsets, and it was in their code that the Check Point experts were able to detect the threat. This means that Google was not in a position to fix it in the Android code, because the vulnerabilities concerned a layer belonging to an external hardware manufacturer. The patches must therefore come directly from Qualcomm.

Qualcomm representatives were informed about everything back in April and classified the threat as high. Under security policies, they have 90 days in such a case to release the relevant patches before information about the detected threat can be made public. And it is worth knowing that the procedure for distributing such a patch is not simple.

Just take a look at the following graphic from the Check Point report, which shows the complex path of procedures and verifications that all patches must go through.

The complicated process of distributing patches. Source: Check Point

At each stage (component suppliers, smartphone manufacturers, distributors and mobile operators) a unique version of Android is created, complete with additional software. This significantly complicates the process of verifying and distributing patches to the end user. Owners of smartphones bought from mobile operators know the problem best. Android updates usually reach them at the very end, even a few months later.



Is there a threat?

There is no reason for excessive panic, provided that we observe the basic principles of security: we always keep Android as up to date as possible with all patches, we do not install any applications of unknown origin, and we do not respond to provocations concerning the above measures. Check Point provides a free tool to diagnose whether our smartphone is exposed to the QuadRooter vulnerability, but beyond notifying us of that fact, it cannot do anything about it. Fortunately, Google's patch is already on the way.

[UPDATE: August 9, 10:30] We received an official comment from Google's American branch on the QuadRooter threat:

Nexus devices already have protection against 3 of the 4 reported problems. We are currently working on a patch that is to eliminate the remaining gaps. Updates will be sent out to all devices at the beginning of September.

As for other Android devices, all will be compulsorily covered by the patch of 6 September 2016. Additionally, updates to Google Play services, Verify Apps and Safety Net provide an additional layer of protection. Exploitation of the vulnerabilities depends largely on the user, who must download and install a suspicious application themselves. So far, we have not encountered such attack attempts.
