You might have heard the rumors about some new malicious software that exploits four vulnerabilities to gain illegal access to your Qualcomm device. And it was dubbed Quadrooter. (Image below). Full story here.
Well, sorry to burst your bubble, but, uhm, the thing is this whole story was blown out of proportion. And, no, 900 million devices are NOT at risk of some guy in a hoodie somewhere spying on devices without the knowledge of the owners because of a flaw on the chipset level. Let me explain:
The problem is, when a security company comes with a story like this and conveniently comes up with an app that seems to magically solves said problem, I get skeptical. Forgive my paranoia, but I couldn’t help but do a little digging as to the legitimacy of this flaw and of course add a little logic. This what what I came up with.
THE TRUTH BEHIND THE CONSPIRACY OF QUADROOTER
Without an advanced mobile threat detection and mitigation solution on the Android device, there is little chance a user would suspect any malicious behavior has taken place
– Check Point
What they failed to mention was the fact that this “advanced mobile threat detection and mitigation solution” was already present on every android device running Android 2.3 and higher which is about 99.9% of all android devices. Thanks to a little app called Verify. In essence, what Verify does is check any and every app you install for potential threats. Yes, it is still present even after heavy modding – like installing a custom ROM. Note that this is just the first level of security and it is built into 99.9% of all android devices. So, if this stands true, which it does, then where do the 900 MILLION devices come from?!
I am not saying your device is completely safe – no, on the contrary, it is actually vulnerable if you know where to look. But, when a security company comes around and says something like 900 million devices with Qualcomm chipsets is vulnerable to a particular bug or malware, you sit and think, ask a few questions and of course a little logic wouldn’t hurt.
FOOLPROOF QUESTIONS TO ASCERTAIN THE RISK LEVEL OF A THREAT
- Who’s behind the “research” driving this story, and what do they stand to gain?
- Is this threat related to something I’m likely to download and install, or does it revolve around some weird random app no normal person would ever encounter?
- If peradventure I did do something that would put me at risk, would my phone automatically protect me from anything harmful?
- Has any normal user actually been affected by this in the real world?
One thing you should realize is the fact that stories like that of Quadrooter will not come to an end anytime soon; not when there are still Antivirus and Antimalware companies still in existence. Hey, they have to make money; and they won’t if you don’t see a reason to use any of their solutions.
So, whenever you hear something like: there is a big bad virus in town and every device is vulnerable, as the four questions above and you should be golden f you are satisfied with the responses you get. Be smart, people!
Leave a Reply