Back to Help and Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Quadrooter/Bugs/Adriod LG G4

Go to solution
iainsymac
4: Newbie

‎08-08-2016 12:01 PM - last edited on ‎09-08-2016 08:23 AM by Moderator (Retired)

I have just seen this artice on the BBC website:

http://www.bbc.co.uk/news/technology-37005226

 

I have an LG G4 which is one of the phones affected.

 

I downloaded the Quadroot checker and it found four vulnerabilities:

Quadroot.png

My question is, is it Vodafone or LG that will be providing the patches to remedy these bugs? And, are they available yet?

 

cheers,

 

Iain

Labels:
0 Thanks
1 ACCEPTED SOLUTION

Go to solution
hrym
17: Community Champion
17: Community Champion

‎08-08-2016 05:14 PM

The original report implies that you're OK as long as you don't install apps from outside the Play Store.  As with most "vulnerabilities", I suspect your have to be pretty casual about safety to be in any serious danger.

 

The fault appears to have been discovered by reverse-engineering the Qualcomm software, which took something like 6 months.   As there are easier ways of compromising any device (mainly dodgy links and downloads), I suspect those will still be the favoured route.

View solution in original position

12 REPLIES 12

Go to solution
toma
4: Newbie

‎08-08-2016 12:34 PM

I'm also interested to know when Vodafone will be releasing an update addressing this (Sony Z5 Compact / 4 vulnerabilities).

 

Tom

0 Thanks

Go to solution
drey_p
16: Advanced member
16: Advanced member
In response to toma

‎08-08-2016 04:03 PM

Hi there

 

I'm afraid that Vodafone don't comment on the release of firmware updates.For more information, please see the FAQs here

PWIAC

0 Thanks

Go to solution
hrym
17: Community Champion
17: Community Champion

‎08-08-2016 05:14 PM

The original report implies that you're OK as long as you don't install apps from outside the Play Store.  As with most "vulnerabilities", I suspect your have to be pretty casual about safety to be in any serious danger.

 

The fault appears to have been discovered by reverse-engineering the Qualcomm software, which took something like 6 months.   As there are easier ways of compromising any device (mainly dodgy links and downloads), I suspect those will still be the favoured route.

Go to solution
Wize
3: Seeker
3: Seeker
In response to hrym

‎09-08-2016 10:05 AM

Even sticking to the Android walled garden is not a 100% sure way of not getting hit by this vunerability.

There have been historical reports of rogue apps making their way on to the Play store.

 

The real fix is to get the vunderable devices patched. That needs the phone's manufacturer to make it and the carrier to pass it on. Plus the end user has to install it. But we are waiting on the first two to happen.

Go to solution
drey_p
16: Advanced member
16: Advanced member
In response to Wize

‎09-08-2016 08:13 PM

There is an announcement from Vodafone here.  As expected it doesn't give any timescales on when a fix will be released.

PWIAC

Go to solution
kids
Community Champion (Retired)
Community Champion (Retired)
In response to drey_p

‎08-08-2016 03:54 PM - edited ‎08-08-2016 03:56 PM

Article from Checkpoint

 

Article from BBC.

Helping the street kids of Thailand

0 Thanks

Go to solution
bobevans
4: Newbie
In response to kids

‎08-08-2016 06:06 PM

Yes, interesting insn't it.  The app that the article refers to works & has identified 4 vulnerabilities on my HTC One M8.

 

I particulalry like the bit at the bottom where it says to beg the people who sold you the phone to apply the patches...

 

Would anyonne at Vodafone like to make any kind of comment at all?  I'm prepared to beg, (but not holding my breath).

 

 

 

 

0 Thanks

Go to solution
Wize
3: Seeker
3: Seeker
In response to bobevans

‎09-08-2016 05:06 PM

For Vodafone to be able to supply the patch, your phone's manufacturer must first create it.

 

Then Vodafone gets to add branding to it and send it out over the network.

 

But they still have to wait for the manufacturer.

0 Thanks

Go to solution
bobevans
4: Newbie
In response to Wize

‎09-08-2016 05:40 PM - edited ‎09-08-2016 05:42 PM

Indeed, but the article goes on to say this...

 

"Qualcomm is believed to have created patches for the bugs and started to use the fixed versions in its factories.

It has also distributed the patches to phone makers and operators. However, it is not clear how many of those companies have issued updates to customers' phones."

 

It is entirely possible that this is not the full story and HTC, (in my case), may not have made the patches available but it would be very nice if Vodafone would offer some kind of comment.

 

I'm still not holding my breath.

0 Thanks