Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Android Security Cellphones Chrome Communications Google Open Source Operating Systems Privacy The Internet News Technology

BadKernel Vulnerability Affects One In 16 Android Smartphones (softpedia.com) 58

An anonymous reader writes from a report via Softpedia: A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Affected products included Google Chrome Mobile, Opera Mobile, apps that use the WebView component (Gmail, Facebook, Twitter, WeChat, etc.) and apps that deploy the Tencent X5.SDK (a bunch of Chinese apps). It is estimated that around one in 16 Android devices is vulnerable to this issue, nicknamed BadKernel. The flaw leads to a RCE on Android devices, allowing attackers to take full control over one's smartphone. Despite BadKernel being discovered in August 2016, because all research was only published in Chinese, most E.U. and U.S. users have no clue they might be affected. One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated. You can view this list via Trustlook's website to see if your device is affected. There's also a dedicated BadKernel security scanner you can download from the Play Store to check for the vulnerability.
This discussion has been archived. No new comments can be posted.

BadKernel Vulnerability Affects One In 16 Android Smartphones

Comments Filter:
  • Well (Score:2, Funny)

    by Ol Olsoc ( 1175323 )
    At least they have a headphone jack, so no problem.
  • Ahhh yes (Score:5, Informative)

    by wbr1 ( 2538558 ) on Wednesday October 05, 2016 @08:08AM (#53016663)
    A slashvertisment for a 'security' app that ostensibly tests for a vulnerability, whilst simultaneously asking for every permission my phone has. No thanks. And have a mode finger while you're here.
    • Re: (Score:3, Informative)

      by Anonymous Coward

      Indeed, and on their site "Trustlook" (never heard of them) claim that "AV-Test" gives them the OK.
      Funny, on the "AV-test" site, they're not even in the list of (about 25) tested products...

      https://www.av-test.org/en/antivirus/mobile-devices/
       

  • Best ways, huh? (Score:5, Interesting)

    by Bob the Super Hamste ( 1152367 ) on Wednesday October 05, 2016 @08:12AM (#53016679) Homepage

    One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated.

    So how many of the devices listed are basically unsupported since initial sale and will never be update?.

    I really wonder if things like this should be treated as manufacturing defects and since carriers and phone vendors don't seem to want to support these devices people should start bringing them back and getting them replaced for free as they are obviously defective.

    I don't know warranty law but maybe someone one could chime in who has some idea as it would seem that if these issues aren't fixed then the customer is due a replacement or refund because their device does have a manufacturing or design defect.

    • by Aaden42 ( 198257 )

      The devices were never warrantied as being secure. They're sold as telephones. As long as they still make calls, they're not defective. There's no way you'll get phone makers or cell carriers to make good on these without a law telling them they have to. And you can rest assured they'd pass the cost of any such law directly on to consumers.

      Buyers need to vote with their wallets. You're not just buying a dumb telephone. You're buying an always-on, always-connected computer that you're going to store so

      • by Gr8Apes ( 679165 )

        You're not just buying a dumb telephone. You're buying an always-on, always-connected computer that you're going to store some of the most private things about your life on.

        This part I disagree with with - I am just buying a dumb phone, SMS messenger and web browser. Really. That's all anyone really needs, despite the plethora of apps all about, claiming to make life easier. Now the mail app makes things easier with local storage, as does the chat app of choice. As for storing the most private things about your life, why? Why would you essentially leave the keys to your life on a very portable and easily lost or stolen device?

        I agree with much of what you say otherwise.

        • by Aaden42 ( 198257 )

          Primarily because it's the most secured device I can buy as a consumer. It's also the one that's with me at all times. My phone is my exocortex. The part of my brain that actually works right, more often than not. If there's an arbitrary detail of modern life than has no value to me other than when engaging in certain bureaucratic ablutions, you can bet my phone remembers it better than I do.

          And sure I could LIVE without the other stuff my phone does. My heart would keep beating, and I'd keep breathing

          • by Gr8Apes ( 679165 )
            Truth be told - a paper list is faster and generally more convenient than a phone list, unless you can type it in on a computer and send it to you phone (in which case it's a simple consuming device) I still hold that "the most private things about your life" being on your phone is truly an odd thing to say, believe, or do.
            • by Aaden42 ( 198257 )

              I find paper lists far more cumbersome. They get lost or left at home. They can't be edited easily. My handwriting is dreadful. Can't write while moving or doing other things, etc. Siri can take a note no matter what I'm doing. The note is available on my phone, tablet, laptop, and two desktops near enough to instantly. I can delete it when done or revise it if necessary. I can share lists with family members, and we can all check off things as we do them or add more as we think of them. None of tho

              • by Gr8Apes ( 679165 )

                Siri can take a note no matter what I'm doing. The note is available on my phone, tablet, laptop, and two desktops near enough to instantly.

                ...The security of the data on it is very important to me.

                You use Siri and iCloud. I'd say security is secondary to you at most, and that's being very loose with the term 'security'. You were correct to drop "privacy" from your statement entirely, because you've given that up entirely.

        • by steveg ( 55825 )

          Personally, I'm buying a portable computer that fits in my pocket. That I can use it for phone calls or SMS is mildly convenient, but not ultimately vital.

          As far as "most private things" go, there is some of that (but not a ton) and that's mostly encrypted. At least as far as what *I* put on there. What the phone gathers about me is a whole other thing.

          • by Gr8Apes ( 679165 )
            So if the phone part is so not vital, why not just remove the cellular portion of the phone (ie, yank the sim)? Wait, it IS important that you can effectively call/message and access the web.
            • by steveg ( 55825 )

              Access the *Internet*. That's part of what being a computer is. I didn't say being connected wasn't vital, I said being a phone wasn't vital.

              I added the "is connected" criterion to my definition of "useful computer" somewhere around 1989. Even though "uses telephone technology" is part of what makes that work, the "is a phone" part isn't all that important.

              I'm not saying that I don't use the phone as a phone. But it's not why I have it. If I had to choose between a portable phone without computer funct

  • I guess my phone is safe.

  • Sigh. (Score:5, Insightful)

    by ledow ( 319597 ) on Wednesday October 05, 2016 @08:19AM (#53016697) Homepage

    "Install this piece of random software to see if you're safe from this vulnerability that affects a ton of devices."

    Yeah, right. It's precisely that mentality that causes more problems in the first place.

  • My phone and tablet were both listed so I installed the app and ran the check and neither one was vulnerable to this bug. I don't think the list they have includes vendor OTA updates so its more less based on the software the devices had when they were stock. So my take away is don't put too much faith in that list by itself. You are better to do the check and then remove the app.
  • Could this bug be used, not to do devilish things, but to help me rooting my devices in a simple way, so that afterwards I could at least install the firewalls I already have on my old Fairphone*?
    (*) that came pre-rooted by default, contrary to the new ones

  • I work for Trustlook, so I am somewhat familiar with the company. :^) Trustlook is a venture-funded Silicon Valley startup specializing in Android security. The company has an Android app in the Play store with over 18M users, plus a RESTful cloud SDK to enable virus scan capability in any Android app. We also have an analytic tool that allows you to peek inside any Android app (skyeye.trustlook.com). Finally, at the end of 2016, we will become the default security engine of every new phone for a top 3

news: gotcha

Working...