Earlier this month, over 20,000 of the world’s top computer hackers and security experts flocked to Las Vegas for Black Hat USA and DEF CON 24, the largest and most important hacking conferences in the world. On the last day of DEF CON, security company Check Point unveiled QuadRooter, a set of four new high-severity security vulnerabilities that impact over 900 million mobile devices with Qualcomm processors.
Three of the four vulnerabilities have already been fixed on PRIV devices with the August Marshmallow patch and on all DTEK50 devices. In addition, the secure boot chain present in all BlackBerry devices naturally mitigates the remaining issue. We’re not aware of any exploits for this vulnerability in the wild, and we don’t think any of our customers are currently at risk from this issue. This is a great example of how our Android platform hardening proactively protects against issues that haven’t even been discovered yet, a topic we’ll discuss in more detail over the coming weeks.
Back when we launched BlackBerry Powered by Android, we made a public commitment to provide monthly security updates as well as “hotfix” patches for certain issues. As Chief Security Officer David Kleidermacher wrote at the time: “Some critical Android vulnerabilities – for example, one that can be easily and remotely exploited with a publicly disclosed method to execute ‘root’ privileged malware – simply can’t wait for a monthly update cycle.” As soon as we learned about QuadRooter, we immediately began to develop, test, and integrate a fix to deploy through our rapid patching process as quickly as possible.
I’m happy to announce that a patch for all of the QuadRooter vulnerabilities is now available for the PRIV and DTEK50 users. Customers who bought their devices from ShopBlackBerry.com should see the update today and most of our carrier partners will be rolling it out to their users starting this week.
How to Install the Patch
To install the patch, simply navigate to Settings / About phone / System updates on your BlackBerry Powered by Android device. We’re very proud to support Google’s push for rapid security updates by becoming the first major OEM to patch all of the QuadRooter issues across our entire device portfolio.
With PRIV and DTEK50 by BlackBerry, you get full Android devices with access to the entire Android ecosystem, but you also get the peace-of-mind of knowing they’re built, managed, and updated by the company that pioneered mobile security. The most secure Android devices on the market give you the freedom to download apps, communicate with your friends, and get your work done without giving up your personal privacy or compromising your safety. Ultimately, that’s the BlackBerry security advantage.