The highest level security warning, “extremely critical,” for Android phones was issued by the Hong Kong Computer Emergency Response Team (HKCERT) on Tuesday. The warning is used for “remotely exploitable vulnerabilities” which do not require any interaction from the user and are capable of compromising the system.

On Sunday, the CheckPoint software company announced that it had discovered the Android QuadRooter exploitation, which affect phones and tablets built using Qualcomm chipsets. Over 900 million users are affected. The company said that the latest phones, including those from BlackBerry, Blackphone, Google, HTC, LG, Motorola, OnePlus, Samsung, and Sony, were affected.

Android qualcomm chipset security flaw
Security flaw affecting Android phones using Qualcomm chipsets. Photo: HKFP.

HKCERT said that the vulnerability “could lead to being exploited by a remote attacker to cause elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.”

A vendor patch for the vulnerabilities is currently unavailable, but Apple Daily reported that most companies told them they are working on patches for the security flaw.

phones on mtr
Using phones on the MTR.

Extremely critical warnings are not unusual and have been issued 10 times this year for Adobe products including Adobe Flash Player and other programs like Quicktime, Apache Struts 2 Dynamic Method Invocation, ImageMagick, and ransomware CryptXXX and Locky.

Support HKFP  |  Code of Ethics  |  Error/typo?  |  Contact Us  |  Newsletter  |  Annual & Transparency Report

Chantal Yuen is a Hong Kong journalist interested in issues dealing with religion and immigration. She majored in German and minored in Middle Eastern studies at Princeton University.