Four major Android vulnerabilities dubbed QuadRooter that affect 900 million devices have been uncovered by security firm Check Point.
A range of popular devices are at risk, including the Samsung Galaxy S7 and S7 Edge, Sony Xperia Z Ultra, Google Nexus 5X, 6 and 6P, HTC One M9 and HTC 10, and even the security-focused BlackBerry Priv and Blackphone 1 and 2.
Check Point explained in a blog post that the flaws are in the software used to manage the Qualcomm chips included in the vast majority of Android devices.
"QuadRooter is a set of four vulnerabilities affecting Android devices that are built on chipsets from Qualcomm, a supplier of 80 per cent of the chipsets in the Android ecosystem," said Check Point in a blog post.
"If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations and gain root access to a device, enabling them to change or remove system-level files, delete or add apps and access the device's screen, camera or microphone.
"The vulnerabilities are found in the software drivers Qualcomm ships with its chipsets. An attacker can exploit these vulnerabilities using a malicious app to trigger privilege escalations and gain root access to a device.
"This app would require no special permissions to take advantage of the vulnerabilities, which means they would not make users suspicious."
Defcon has a summary of a talk about QuadRooter by Adam Donenfeld, a senior security researcher at Check Point, who said that Android remains a problem security-wise, despite Google's best attempts.
"Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe," said the summary.
"With this in mind, we decided to examine Qualcomm's code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems."
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff