Hello guest, if you read this it means you are not registered. Click here to register in a few simple steps, you will enjoy all features of our Forum.
Rules have been updated! Here

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

[-]
Tags
smartphone in found firmware vulnerabilities of 25 the models android

Vulnerabilities Found in the Firmware of 25 Android Smartphone Models
#1
Vulnerabilities Found in the Firmware of 25 Android Smartphone Models

[Image: Kryptowire-research.png]

Last week, at the DEF CON security conference held in Las Vegas, security researchers presented details about 47 vulnerabilities in the firmware and default apps of 25 Android smartphone models, 11 of which are also sold in the US.
These vulnerabilities, embedded in full in the table at the bottom of this article, range from simple flaws that crash devices to dangerous bugs that grant attackers the ability to get root access on users' devices.
Some of the most dangerous of these vulnerabilities allow an attacker to retrieve or send SMS texts from the user's phone, take screenshots or record videos of the phone's screen, retrieve the user's contacts list, force the installation of third-party arbitrary apps without the user's knowledge or consent, or even wipe the user's data from the device.


Some big OEM brands listed

These vulnerabilities were discovered in both the default apps that come preinstalled on some devices by default (and are sometimes unremovable), but also in the firmware of core device drivers that can't be removed without losing some of the phone's functionality, if not access to the device as a whole.
US mobile and IoT security firm Kryptowire unearthed these vulnerabilities as part of a grant awarded by the Department of Homeland Security (DHS).
The smartphone brands (OEMs) included on Kryptowire's list include big names such as ZTE, Sony, Nokia, LG, Asus, and Alcatel, but also smaller companies such as Vivo, SKY, Plum, Orbic, Oppo, MXQ, Leagoo, Essential, Doogee, and Coolpad.
"With the hundreds of mobile phone makes and models on the market and thousands of versions of firmware, best-effort manual testing and evaluations simply cannot scale to address the problem of identifying vulnerabilities in mobile phone pre-installed apps and firmware," said Angelos Stavrou, CEO of Kryptowire, in a press release also announcing the release of a new enterprise-targeted platform for automatically testing the firmware and apps of Android mobile devices.


Some old names on the list

Some of the OEM brands are old acquaintances. For example, ZTE. Leagoo and Doogee have been listed in previous reports about insecure Android device makers. Devices from these two vendors were found on two different occasions [1, 2] to come preinstalled with banking trojans.
Back in November 2016, Kryptowire also discovered a backdoor mechanism in the FOTA (Firmware Over The Air) update software system produced by Chinese firm Adups. That FOTA system was included in the firmware of many Android phone makers, and a year later was found to be still active, despite public disclosure.
Below are the vulnerabilities discovered by the Kryptowire team, and presented last week at DEF CON.


Source
Code:
https://www.bleepingcomputer.com/news/security/vulnerabilities-found-in-the-firmware-of-25-android-smartphone-models/

Anything wrong?!
Doubt about something in the forums?!

Please push Report button or send me a PM!!! 

Guidelines

Member Ranks

How to use various forum functionalities
======================================================================================

AiOwares is a community whose existence takes place by itself, not by movements unrelated to it.

======================================================================================
Reply
#2
Im about to clear my fiancee Megan's android cache partition to hopefully speed the phone up.  This doesnt surprise me firmware with vulnerabilities in it?  Best way to combat this is to make sure the firmware is updated or flash different firmware that doesnt have the same vulnerabilities.  Your not going to find firmware that doesnt have vulnerabilities in it.
[-] The following 1 user says Thank You to Holmes for this post:
  • WALLONN7
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)