Security researchers working on reverse-engineering Qualcomm's hardware claim to have finally found a way in, suggesting that flaws in the graphics-handling part of the processing chain's software drivers could allow hackers to take control of a device.
But no one's been spotted with the vulnerability "out there" in the real world just yet. The team from Checkpoint says that although they've pulled some exploits out of the hardware they haven't been used yet, although they suspect that within a matter of months some might be. Especially now they've told everyone they exist. One rogue app and they're in now though, apparently.
The hack discovery was announced by Checkpoint at a presentation at Def Con 24, where four major vulnerabilities within Qualcomm's silicon were outlined, hence the Quadrooter name. Checkpoint's Michael Shaulo said: "Vulnerabilities like Quadrooter bring into focus the unique challenge of securing Android devices, and the data they hold. The supply chain is complex, which means every patch must be added to and tested on Android builds for each unique device model affected by the flaws. This process can take months, leaving devices vulnerable in the interim, and users are often not made aware of the risks to their data." [Checkpoint via BBC]