QuadRooter Scanner is a new application for Android devices that scans a device and tells you whether it is affected by the recently disclosed QuadRooter vulnerability.
QuadRooter is a set of four vulnerabilities affecting Android devices using Qualcomm chipsets. Disclosed on the Check Point web blog on August 7, 2016, the vulnerability is said to affect close to 900 million Android devices that are in circulation currently.
Attackers may exploit the vulnerability using specifically prepared applications. The app would not need special permissions according to the researchers, and could give attackers complete control over an Android device.
If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.
The researchers released a short list of affected devices that reads like the who is who of the Android world. Included are the Google Nexus 5X and 6, the new Moto X, The OnePlus One, 2 and 3, the Samsung Galaxy S7 and S7 Edge, The Sony Xperia U Ultra, the LG G5 and G5, and various other devices.
The list is incomplete however, and there was no way of telling up until recently whether a particular device not listed is affected by one of the four vulnerabilities.
QuadRooter Scanner
QuadRooter Scanner changes that. It is a free application for Android devices that scans the device it is run on to find out whether it is vulnerable to one, some or all of the four vulnerabilities discovered recently.
All it takes is to tap on the scan button after you have installed the app to run the scan. It takes less than a minute to complete, and will list whether the device is vulnerable to some of the vulnerabilities discovered.
Links are provided to the vulnerabilities the device is affected by which may be useful when researching the vulnerabilities.
There is little that you may do however if the device is affected. While you may be more careful than usual, by not installing any apps from outside the Google Play store, and even then making sure it is created by a legitimate company, there is no direct option available to protect the device fully.
It is up to the device manufacturer to release a timely patch for the vulnerabilities the device is affected by. The past has shown that it will take some time before even the companies that care the most push out patches. For some devices, patches may never be created and there is nothing that users can do about it other than switching devices (preferably from a company with a better track record).
Now You: Is your phone vulnerable?