Sunday, August 12, 2018

Android powered devices are susceptible to major vulnerabilities out-of-the-box: Report



Android’s open nature is a boon for OEMs and developers alike. While this means that smartphone manufacturers can create their own versions on top of it, which they usually do, someone modifying the code can also cause harm by knowingly or unknowingly introducing vulnerabilities in the ecosystem. 

As per a report by the security firm Kryptowire, via Wired, many Android-powered smartphones are vulnerable to remote highjacking and many other worrying hacks even before one purchases them. The security firm analysed ten Android smartphones that support US network carriers and found that the firmware and pre-installed software, which we call bloatware, expose the end-user to some serious vulnerabilities, given that a user downloads a malicious app.  

Overview of the Kryptowire report states, “Our primary focus was exposing pre-positioned threats on Android devices sold by United States (US) carriers, although our results affect devices worldwide... The vulnerabilities we discovered on devices offered by the major US carriers are the following: arbitrary command execution as the system user, obtaining the modem logs and logcat logs, wiping all user data from a device (i.e., factory reset), reading and modifying a user’s text messages, sending arbitrary text messages, getting the phone numbers of the user’s contacts, and more. 

All of the aforementioned capabilities are obtained outside of the normal Android permission model.”  Wired says that the Kryptowire study was funded by the US Department of Homeland Security (DHS) and was to be presented at the recently concluded Black Hat 2018 security conference. 

Devices from manufacturers like LG, Asus, ZTE and others are discussed at the event and DHS had previously suggested that the China-based company ZTE poses a security threat, but the agency didn’t provide any critical info to back the statement. As per Kryptowire, a remote attacker can gain total control of the ZTE ZMax smartphone, if a malicious app is downloaded.  One should note that even though the aforementioned vulnerabilities come pre-baked in an Android device, they can only be exploited when a user has any third-party malicious app installed. 

As apps on Google Play Store go through a stringent review and test process, chances are slim of downloading a malware if one sticks to app downloads from the official source. However, downloading apps from other sources and unknown websites could lead an attacker to gain complete control over a device.

from Latest Technology News https://ift.tt/2w0zL2p

MAXIT INTERNET

BLOGGER

CD DVD RW

DELL

DOWNLOAD

FTP Server Linux

HACK

HARD DRIVE

HOW TO WORKIN

HARDWAER

INTERNET

INTERNET CAFE

LAPTOP

LENOVO

LINUX

Additional configuration for Samba Server (Part 2)  

BSNL/Airtel/Idea using Huawei E156G 3g Wireless USB Linux 5   

Basic File Extensions    CHANGING AN ACCOUNT EXPIRATION DATE   

Configure Linux as a Router   

Configure SAMBA Server (Part-1)   

Configure VNC server   

Configure Yum Server (Part-1)   

Configure yum server for Client machine (Part 3)   

Configuring Samba as a Standalone Server (Part 3)  

Connecting ftp Server with Anonymous User Part 5  

Create ftp account with Shared directory Part 3  

DHCP Server Configuration Part 2  

DHCP Server Configuration Part-1  

DHCP Server Configuration Part-3  

Enabling FTP Services in Yum Server (Part 5)  

FTP Server Configuration Part 1  

FTP Server How to Change In Primary DNS Server Part 2  

HTTP Client side configuration (Part 4)  

How to Vsftpd conf files Parameter Part 6   

LINUX FILE SYSTEM STRUCTURE  

Linux User Administrtion  

Linux as a Router configuration for Client Machine   

Linux client machine FileZilla FTP Client Part 4  

Local Yum Server (Part 2)  

Modifying Existing User Information  

Primary DNS Server Configuration Part-1  

Primary DNS Server Configuration Part-2    

Primary DNS Server Configuration Part-3  

Remove Linux From Your Pc Safely and restoring your MBR  

Sharing & Accessing Samba Share (Part 4)   

Speeding up your internet connection under Linux and Windows   

THE ROOT FILE SYSTEM   

VNC Server Configuration

LINUX LAB

Linux as a Router

MOTHERBOARD

Mobile

NETWORKING

REDHAT 5

REGISTRY EDTOR

RESET BIOS PASSWORD

SAMBA Server Linux

SERVER

SERVER CONFIG

SOFTWAER

VNC server Linux

Window 10

Window XP