DHS warns of vulnerabilities in millions of smartphones

guest · Aug 8, 2018

DHS warns of vulnerabilities in millions of smartphones
"AT&T, Verizon, Sprint, and T-Mobile customers could be at risk" -- so basically everybody
August 08, 2018
https://www.techspot.com/news/75880-dhs-warns-vulnerabilities-millions-smartphones.html

According to research funded by the US Department of Homeland Security, millions of smartphone users could be at risk of having hackers completely take over their phones. The names of the device manufacturers have not been released yet, but the flawed phones are said to be sold by Verizon, AT&T, T-Mobile, Sprint, and “other carriers.”

During the Black Hat conference in Las Vegas, FifthDomain spoke with Vincent Sritapan, a program manager at the Department of Homeland Security’s Science and Technology Directorate who said the vulnerabilities use privilege-escalation flaws to take over a phone completely.

Virginia-based mobile security firm Kryptowire conducted the research, which was funded by the Critical Infrastructure Resilience Institute, a DHS research arm.
Click to expand...

Beyonder · Aug 9, 2018

Nothing new here. Android itself is flawed due to it getting updates from the phone manufacturer instead of the OS developer, Google.

Hell, not even Google are good at this. 3 years of updates for a Pixel XL 2 that costs €900 where I live? It's laughable.

ronjor · Aug 15, 2018

Android apps contain multiple vulnerabilities

Original Release date: 14 Aug 2018 | Last revised: 14 Aug 2018
Overview
Vulnerable apps:
(CVE-2017-13100) The Moron Test, 6.3.1, 2017-05-04, iOS
(CVE-2017-13101) musical.ly - your video social network, 6.1.6, 2017-10-03, iOS
(CVE-2017-13102) Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS
(CVE-2017-13103) Pinterest, 6.37, 2017-10-24, iOS
(CVE-2017-13104) UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS
(CVE-2017-13105) Virus Cleaner ( Hi Security ) - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android
(CVE-2017-13106) CM Launcher 3D - Theme,wallpaper,Secure,Efficient, 5.0.3, 2017-09-19, Android
(CVE-2017-13107) Live.me - live stream video chat, 3.7.20, 2017-11-06, Android
(CVE-2017-13108 ) DFNDR Security: Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android
Click to expand...

mekelek · Aug 15, 2018

ronjor said: ↑

Android apps contain multiple vulnerabilities
Click to expand...

that last one, an Antivirus having multiple vulnerabilities, now that's just irony
"Anti-hacking"

longshots · Aug 15, 2018

So I guess that I'm not the only one here waiting for
Purism's Privacy-Focused Librem 5 Linux Phone with GNOME 3.30
https://news.softpedia.com/news/pur...-to-look-beautiful-with-gnome-3-30-522277.sht

EASTER · Aug 15, 2018

I deliberately avoided anything apple in this department explicitly because they were such open targets so I chose Android models.

If there is an upside for anyone owning android, it is that if they have all the available time to spare, (which most don't) they can make their own security a whole infinitely lot better learning that O/S-rooting-and apply safety tweaks that the vendors will never inform them are there.

@Beyonder is quite right in that regard. The updates from the phone manufacturer instead of the OS developer just as well not be there in the first place.

Log in or Sign up

DHS warns of vulnerabilities in millions of smartphones

guest Guest

Beyonder Registered Member

ronjor Global Moderator

mekelek Registered Member

longshots Registered Member

EASTER Registered Member

Log in or Sign up

DHS warns of vulnerabilities in millions of smartphones

guest Guest

Beyonder Registered Member

ronjor Global Moderator

mekelek Registered Member

longshots Registered Member

EASTER Registered Member

Useful Searches