Four major Android vulnerabilities dubbed QuadRooter that affect 900 million devices have been uncovered by security firm Check Point.
A range of popular devices are at risk, including the Samsung Galaxy S7 and S7 Edge, Sony Xperia Z Ultra, Google Nexus 5X, 6 and 6P, HTC One M9 and HTC 10, and even the security-focused BlackBerry Priv and Blackphone 1 and 2.
Check Point explained in a blog post that the flaws are in the software used to manage the Qualcomm chips included in the vast majority of Android devices.
"QuadRooter is a set of four vulnerabilities affecting Android devices that are built on chipsets from Qualcomm, a supplier of 80 per cent of the chipsets in the Android ecosystem," said Check Point in a blog post.
"If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations and gain root access to a device, enabling them to change or remove system-level files, delete or add apps and access the device's screen, camera or microphone.
"The vulnerabilities are found in the software drivers Qualcomm ships with its chipsets. An attacker can exploit these vulnerabilities using a malicious app to trigger privilege escalations and gain root access to a device.
"This app would require no special permissions to take advantage of the vulnerabilities, which means they would not make users suspicious."
Defcon has a summary of a talk about QuadRooter by Adam Donenfeld, a senior security researcher at Check Point, who said that Android remains a problem security-wise, despite Google's best attempts.
"Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe," said the summary.
"With this in mind, we decided to examine Qualcomm's code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago