Mobile researchers from Check Point Software Technologies have announced four new vulnerabilities affecting over 900 million Android smartphones and tablets.
In his presentation at Def Con 24, Check Point lead mobile security researcher Adam Donenfeld revealed four major vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets, with a 65% share of the LTE modem baseband market in the Android ecosystem.
Check Point calls the set of vulnerabilities QuadRooter. If exploited, the vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.
The vulnerabilities are found in the software drivers Qualcomm ships with its chipsets. An attacker can exploit these vulnerabilities using a malicious app. This app would require no special permissions to take advantage of the vulnerabilities, which means it would not make users suspicious. The estimated 900 million affected devices include these models:
- Samsung Galaxy S7 & S7 Edge
- Sony Xperia Z Ultra
- Google Nexus 5X, 6 & 6P
- HTC One M9 & HTC 10
- LG G4, G5 & V10
- Motorola Moto X
- BlackBerry Priv
Since the vulnerable software drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the device’s distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.
Check Point has released a free QuadRooter scanner app, available from Google Play, that enables Android users to find out if their device is vulnerable, and prompts them to download patches for the problem. The link will also be available from http://blog.checkpoint.com/
Michael Shaulov, head of mobility product management for Check Point, said: “Vulnerabilities like QuadRooter bring into focus the unique challenge of securing Android devices, and the data they hold. The supply chain is complex, which means every patch must be added to and tested on Android builds for each unique device model affected by the flaws. This process can take months, leaving devices vulnerable in the interim, and users are often not made aware of the risks to their data. The Android security update process is broken and needs to be fixed.”
Check Point recommends the following best practices to help keep Android devices safe from attacks that try to exploit any vulnerabilities:
- Download and install the latest Android updates as soon as they become available.
- Understand the risks of rooting devices, whether intentionally or as the result of an attack.
- Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources. Instead, download apps only from Google Play.
- Read permission requests carefully when installing any apps. Be wary of apps that ask for permissions that seem unusual or unnecessary, or use large amounts of data or battery life.
- Use known, trusted Wi-Fi networks or, while traveling, use only those that you can verify are provided by a trustworthy source.
- End users and enterprises should consider using mobile security solutions designed to detect suspicious behaviour on a device, including malware that could be obfuscated within installed apps.
Check Point researchers provided Qualcomm with information about the vulnerabilities in April 2016. The team then followed the industry-standard disclosure policy (CERT/CC policy) of allowing 90 days for Qualcomm to produce patches before disclosing the vulnerabilities. Qualcomm reviewed these vulnerabilities, classified each as high risk, and has since released patches to original equipment manufacturers (OEMs).