A Nightmare on Quadrooter Street.
When I was a teenager, watching slasher flicks like A Nightmare on Elm Street (the original 1984 version) and Halloween, in order to look like a “tough guy” I developed a sort of movie watching buffer whereby when any startling occurrence happened (e.g. the scary guy leaps out of the shadows), I would simply sit there all cool-like while all around me leaped out of their seats. I would mentally take a moment to let the occurrence happen and then internally say “Yep! That thing that happens in every scary movie happened” and just continue watching. I just don’t react to the situation the instant it happens.
Nowadays I continue this type of trick when I read scary stories. For example, last weeks blog post about the Garda Síochána hack. After all the initial “Mob hack the Garda” hyperbole, it would appear, after a few days, that it was a simple Ransomware incident.
And so it is with the recent story from Check Point Software Technologies Ltd about their sexily named Quadrooter. A set of four vulnerabilities what they discovered in the Qualcomm chips that are in use in up to 900 million Android devices worldwide.
There’s no denying that the vulnerabilities exist, but were things as bad as Check Point were making out? Obviously if you purchased Check Point’s security solution for mobile devices, you would be protected from Quadrooter, but guess what? You were most likely already protected … by Android itself.
As long as you are running Android 4.2 or higher on which “Verify Apps” was turned on by default and have not changed the app store settings to enable “Unknown Sources”, you won’t be affected by 3 of the 4 vulnerabilities. Simples. Google are working on a patch for the 4th vulnerability.
According to Google, 90% of the 900 million devices quoted by Check Point will be protected from Quadrooter, and the remaining 10% would be if they re-enable “Verify Apps”.
You can see further information here.
So another Scary Story that, with the passing of a few days, turns out not to be so scary after all.