Researchers at Check Point recently discovered a number of flaws and hacks that place over 900 million Android devices at risk, and there’s nothing most people can do.

Check Point, an IT security firm, named the collection of hacks and exploits “QuadRooter,” because they allow someone to gain root access — unfettered control — to the entire Android operating system on devices using the popular Qualcomm chipsets.

“If exploited, QuadRooter vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them,” Check Point explained in a blog post.

What’s more, root access “could also provide an attacker with capabilities such as key-logging, GPS tracking, and recording video and audio.”

According to Check Point, QuadRooter can be used on any device with a Qualcomm chipset — which is a huge amount of phones. Popular devices like the Samsung Galaxy S7, OnePlus 3, and the new Moto X are all vulnerable to hackers using QuadRooter. Here’s a list of some of the most popular devices vulnerable to hacking, as compiled by the researchers at Check Point:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2, and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra
  • Check Point made Qualcomm aware of the issue back in April, and that the chipmaker “reviewed these vulnerabilities, classified each as high-risk, and confirmed that it released patches to original equipment manufacturers.” Yet it will be some time before most devices are fixed, and many won’t be fixed at all.

    People can’t just update their Android devices to defend against QuadRooter. First Qualcomm has to develop a fix, then the fix has to be given to manufacturers, and then it has to be distributed to consumers via wireless carriers, in many instances. That’s a lot of steps between a critical software fix and the people who need it.

    The supply chain from chipset to consumer.
    The supply chain from chipset to consumer.

    That process is part of the reason why Android devices are often insecure. Most devices won’t receive updates that make their users more secure. They’re stuck with the software they shipped with.

    Google does its part by using bounties to encourage people to examine Android security — something Apple plans to do as well — but many vulnerabilities remain.

    Check Point has released an app to the Play Store so Android users can see if their device is vulnerable to QuadRooter. You can read the company’s full report on QuadRooter, which details how it works and what devices it affects, right here:

    Photos via Check Point, Getty Images / Rick Kern