Qualcomm processors running android affected by security flaws.

Why are folks creating multiple threads (I saw two) and that too posting link to crap TOI-let website???? :D

Thread titles are also misleading, it is probably not the qualcomm processors affected by the flaw, but rather (reading the slashdot/CNET article) "devices WITH the processors and running Android" have these flaws?

And I dunno why the sensationalism - I thought it's well known Android is pretty insecure what with people "rooting" and "side loading" apps all the time :D
 
Last edited:
Yes they can (if I'm reading the stuff correctly) if you're running Qualcomm chips on your phone :p

From the whitepaper:

If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations and gain root access to a device.
An attacker can exploit these vulnerabilities using a malicious app. These apps require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.
Click to expand...

Apparently 3 out of the 4 flaws are already patched in recent updates by Google but the 4th one didn't get fixed yet due to the supply-chain and fragmentation issues of Android ecosystem.
 
Am a complete newb with this regard to this but can someone explain how rooting your device (willingly by me) compromises security?
What aspects exactly are compromised?
 
eternoMind said:
Am a complete newb with this regard to this but can someone explain how rooting your device (willingly by me) compromises security?
What aspects exactly are compromised?
Click to expand...

It varies. Without root access you usually do not have permission to modify anything on the OS or OS components. If the phone is rooted you can give access to apps or modify the os components. Now, there are certain defects in every OS that can be made use of to get the root access permission thereby gaining enough access to modify the os or the app. This is just a general overview but this is how linux works, to get a better idea you can try understanding Linux, and how privileged escalation works.
 
^^ When you install Windows, by default, you are placed in Administrator mode, whereas in Linux, you are put in user mode, without admin privileges. To get these, you need to escalate or use the root user. Now, Linux allows you to do this with the su command, while Android, ships by default in normal mode with root access locked down. To gain these, you need to use certain bugs to escalate to root user. Hope this helps!
 
vivek.krishnan said:
^^ When you install Windows, by default, you are placed in Administrator mode, whereas in Linux, you are put in user mode, without admin privileges. To get these, you need to escalate or use the root user. Now, Linux allows you to do this with the su command, while Android, ships by default in normal mode with root access locked down. To gain these, you need to use certain bugs to escalate to root user. Hope this helps!
Click to expand...

aman.pitbull said:
It varies. Without root access you usually do not have permission to modify anything on the OS or OS components. If the phone is rooted you can give access to apps or modify the os components. Now, there are certain defects in every OS that can be made use of to get the root access permission thereby gaining enough access to modify the os or the app. This is just a general overview but this is how linux works, to get a better idea you can try understanding Linux, and how privileged escalation works.
Click to expand...

I've been rooting Android devices since the day i started using them. So i was wondering that even after something like SU installed (and 'Prompt for Root Access' option enabled), can a rogue app attain root access privileges without me being prompted about it?
I've stopped sideloading cracked apps long time back and whatever apps i still sideload are older versions of apps that were free always but have become bloated/unusable with time and updates.
 
eternoMind said:
I've been rooting Android devices since the day i started using them. So i was wondering that even after something like SU installed (and 'Prompt for Root Access' option enabled), can a rogue app attain root access privileges without me being prompted about it?
I've stopped sideloading cracked apps long time back and whatever apps i still sideload are older versions of apps that were free always but have become bloated/unusable with time and updates.
Click to expand...

Afaik, the SU manager manages root access, and prompts whenever a call is made to escalate/access root. I dont think it can be bypassed unless you have given physical access.
 
vivek.krishnan said:
Afaik, the SU manager manages root access, and prompts whenever a call is made to escalate/access root. I dont think it can be bypassed unless you have given physical access.
Click to expand...

So in other words, rooting a device+using SU+staying away from cracked/suspect apps is an almost foolproof way of enjoying your Android device without worrying about security issues due to rooting.
 
Back
Top