However, there is no evidence of the vulnerabilities currently being used in attacks by the hackers. Michael Shaulov of Checkpoint says that these vulnerabilities will be used in the next three to four months.
Shaulov adds that six months of work to reverse Qualcomm’s code revealed the problems. They were specifically found in a software that handles graphics and in a code that controls the communication between different processes running inside phones.
Some devices that are affected include the Blackberry Phone 1 and 2, Priv, and Dtek50. Google Nexus’ 5X, 6 and 6P are also affected along with HTC’s One, M9, and 10.
Other devices affected include LG G4, G5, and V10 as well as Motorola’s New Moto and OnePlus’ One, 2, and 3.
BBC reports that the US versions of the Samsung Galaxy S7 and Galaxy S7 Edge and Sony’s Xperia Z Ultra have also been affected by the bug too.
Checkpoint claims that it handed out information about the bugs and proof of concept code to Qualcomm earlier this year.
In response, Qualcomm has reportedly created patches for the bugs has distributed these to phone makers and operators. However, it is not clear how many of those companies have issued updates to customers’ phones.
Checkpoint has also created a free app called QuadRooter Scanner that can be used to check if a phone is vulnerable to any of the bugs, by looking to see if the patches for them have been downloaded and installed