Hong Kong Science & Technology

Information security watchdog issues highest level security warning for Android devices

The highest level security warning, “extremely critical,” for Android phones was issued by the Hong Kong Computer Emergency Response Team (HKCERT) on Tuesday. The warning is used for “remotely exploitable vulnerabilities” which do not require any interaction from the user and are capable of compromising the system.

On Sunday, the CheckPoint software company announced that it had discovered the Android QuadRooter exploitation, which affect phones and tablets built using Qualcomm chipsets. Over 900 million users are affected. The company said that the latest phones, including those from BlackBerry, Blackphone, Google, HTC, LG, Motorola, OnePlus, Samsung, and Sony, were affected.

Android qualcomm chipset security flaw

Security flaw affecting Android phones using Qualcomm chipsets. Photo: HKFP.

HKCERT said that the vulnerability “could lead to being exploited by a remote attacker to cause elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.”

A vendor patch for the vulnerabilities is currently unavailable, but Apple Daily reported that most companies told them they are working on patches for the security flaw.

phones on mtr

Using phones on the MTR. Photo: Apple Daily.

Extremely critical warnings are not unusual and have been issued 10 times this year for Adobe products including Adobe Flash Player and other programs like Quicktime, Apache Struts 2 Dynamic Method Invocation, ImageMagick, and ransomware CryptXXX and Locky.

Information security watchdog issues highest level security warning for Android devices