Four major security holes in the Qualcomm chips which power modern Android devices have left as many as 900 million users vulnerable to a range of attacks.
According to Israel-based security firm Checkpoint, the flaws—dubbed “Quadrooter”—found in the firmware which governs the chips, could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device” using malware which wouldn’t require special permissions, allowing it to pass under suspicious users’ radars.
Qualcomm makes chips for the majority of the world’s phones, holding a 65 percent share of the market. Most of the major recent Android devices are expected to be affected by the flaw, including:
- BlackBerry Priv
- Blackphone 1 and Blackphone 2
- Google Nexus 5X, Nexus 6, and Nexus 6P
- HTC One, HTC M9, and HTC 10
- LG G4, LG G5, and LG V10
- New Moto X by Motorola
- OnePlus One, OnePlus 2, and OnePlus 3
- Samsung Galaxy S7 and Samsung S7 Edge
- Sony Xperia Z Ultra
Three of the four holes have already been patched, with a solution for the fourth on the way. However, most users are at the mercy of their handset manufacturers if they want these patches applied. Owners of Google’s Nexus devices have already had patches pushed to their phones, but other manufacturers have historically been less interested in patching flaws found in their devices after release.
According to Checkpoint—which revealed its findings over the weekend at the Defcon security conference in Las Vegas—the “vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them.”
Since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.
This situation highlights the inherent risks in the Android security model. Critical security updates must pass through the entire supply chain before they can be made available to end users. Once available, the end users must then be sure to install these updates to protect their devices and data.
At some point in their life everyone has to grow up, and the same goes for Philips’ flexible Hue Lightstrips. Once the perfect way to subtly turn your living room into a colorful rave, the LED strips can now be tuned to generate more natural white light for reading the paper, or just relaxing with some knitting.
But that doesn’t mean the party’s completely over. The new Philips Hue Lightstrip Plus, which comes with an adhesive backing so it can be easily installed out-of-sight as accent lightning (under your couch, above a kitchen counter, or below a cabinet), can still be tuned to produce almost any color you can imagine. And at 1,600 lumens they’re now brighter than the original version—perfect for anyone whose living room doubles as a nightclub on the weekends.
Available starting in October, a six-and-a-half-feet long version, which includes a power adapter, will sell for $90. But you’ll also need the Philips Hue base station connected to your home’s wifi network to make it work with the Hue smartphone app. And if that’s not long enough for your needs, there will also be $30 three-foot extensions available that can be easily clipped onto the end of the longer version without gobbling up additional outlets.
Some PCs are more difficult to run Linux on than others—it’s all about the drivers. Some laptops are available with Linux pre-installed, but plenty aren’t—even though they may make great Linux PCs. The Ubuntu Certified Hardware database helps you find Linux-compatible PCs.
Most computers can run Linux, but some are much easier than others. Certain hardware manufacturers (whether it’s Wi-Fi cards, video cards, or other buttons on your laptop) are more Linux-friendly than others, which means installing drivers and getting things to work will be less of a hassle.
Linux veterans probably know about this already, but I’ve had a few people ask me how to find Linux-friendly laptops lately, and my answer is always the Ubuntu Certified Hardware Database. Even if you aren’t running Ubuntu, it’ll tell you which laptops and desktops from Dell, HP, Lenovo, and others are most Linux-friendly. If you’re looking for a Linux-compatible PC, this is a great place to start. If it isn’t in that database, though, be sure to Google around—there may be forum threads dedicated to getting your laptop of choice set up with Linux.
Ubuntu Desktop Certified Hardware | Ubuntu via MakeUseOf