900 million Qualcomm Android devices vulnerable to attack

[HEXUS]

'QuadRooter' vulnerabilities found in newest flagships and even the BlackBerry Priv.

Read more.

[Bambooz]

Clickbait title deluxe (like everywhere else really). Blowing up "there's an option to root your phone" to "900 million devices vulnerable/exploitable" .. jeez
Worst thing is that there's a fix, meaning that a bunch of phones will lose one (or in some cases the only) way to get root to get rid of manufacturer preinstalled garbage. nice...

[Plasmastorm]

Installed on my rooted Galaxy S7, no quadrooter vuln found

[crossy]

Erm, as a Samsung S7 Edge user I thought it was only the US versions that were "Qualcomm Inside", the rest (like mine) use Exynos. Still the warning was handy because there's a G4 and a 5X in the house. Thanks!

[username2]

Article would be much more interesting and worth reading if you would include how that vulnerability is working...

[Jace007]

Checkpoint being an Israeli company i wouldn't be surprised they pushed this out, just so more people load Checkpoints own spyware crap onto their mobiles, just scare mongering

[peterb]

Hmmm...

http://www.computerworld.com/article...uadrooter.html

Slightly different view.

[Defiant]

My Nexus 6 Got a OS patch last night funny enough... I wonder if that was google fixing it?

EDIT: Should have read that link from ComputerWorld, talk about talking up nothing.

[realstock]

Another vulnerability related to Android, who'd have thought that would happen.... er again

.... and again...

... and again

Well at least this one was brought out for the latest hardware this time!!

[aidanjt]

A 60MB patch just came in for my OnePlus One, I assume this is what it fixes.

[jfell]

There will always be security holes in Android devices due to it being so open. Just get an iPhone and be done with it

[kalniel]

There will always be security holes in Android devices due to it being so open. Just get an iPhone and be done with it

Does closed software have fewer holes, or just holes which remain open for longer?

[peterb]

There will always be security holes in Android devices due to it being so open. Just get an iPhone and be done with it

A. Ignoring the fact that iOS is based on open source BSD UNIX?

B. Why should closed source be inherently more secure than open source?

C. What do you mean by 'secure'?

I would point out that the Enhance Security Linux (Linus SE, open source) is (AFAIK) the only operating system that offers true multilevel security.

[watercooled]

There will always be security holes in Android devices due to it being so open. Just get an iPhone and be done with it

Maybe now is a good time to mention the bug was in a piece of closed-source software from Qualcomm?

But that's besides the point - closed vs open is irrelevant when it comes to security holes as above. The source code of closed-source software isn't visible to as many people (hence the name) so in theory there aren't as many people looking at said code for bugs. Is that a good thing? People either side of the fence will vehemently disagree over this, but here are the points you have to consider:

Not as easy for researchers to look for bugs and correct them, vs less for people with malicious intent to work with.
Even without the source (as is the case here), bugs can be found and exploited, and unless someone publishes their findings, we have a zero-day.
With closed-source, there's also a greater risk of the developer surreptitiously inserting malicious code or just not bothering to patch known holes - these are also potentially exploitable, so you need to have a greater degree of trust in the developer with closed-source.

Neither closed nor open source code is inherently more secure; and neither is a substitute for well-written and audited code.