BlackBerry patches QuadRooter vulnerabilities

BlackBerry has issued a software update for PRIV and DTEK50 users to patch the QuadRooter vulnerabilities announced at the DEF CON 24 hacking conference earlier this month.

The company is the first major manufacturer to do so.

Security firm Check Point’s mobile threat research team revealed the four security problems that affect Android devices built with Qualcomm chips.

According to Check Point, if any of the four vulnerabilities is exploited, it becomes possible for attackers to “trigger privilege escalations for the purpose of gaining root access to a device”.

An attacker would use a malicious app that needs no special permissions to exploit the vulnerabilities, which means that most users will not suspect anything. Attackers can then gain complete access to the device, including capabilities such as GPS tracking and recording video and audio.

BlackBerry said that three of the four threats had already been fixed with the Marshmallow patch released this month. Now the firm has released a patch for all QuadRooter vulnerabilities.

Users who purchased their devices from the BlackBerry online shop will see the update already, whilst BlackBerry expects its carrier partners to roll it out this week.

In a blog post, BlackBerry director of security Alex Manea said that when the firm launched BlackBerry Powered by Android, it promised to provide monthly security updates as well as “hotfix” patches for other concerns.

At the time of launch, BlackBerry chief security officer David Kleidermacher wrote that vulnerabilities “that can be easily and remotely exploited with a publicly disclosed method to execute ‘root’ privileged malware” can’t wait for a monthly update.

Manea said that as soon as the organisation heard of the QuadRooter threats, it began working on a fix that could be deployed through its rapid patching process.

The patch can be found in the device’s settings.