Tag Archives: Google Nexus

Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air

Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction.

Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to address a serious bug that could allow an attacker within same Wifi network to remotely execute

Chinese Hackers won $215,000 for Hacking iPhone and Google Nexus at Mobile Pwn2Own

The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 Mobile Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan.

Despite the implementation of high-security measures in current devices, the famous Chinese hackers crew has successfully hacked both Apple’s iPhone 6S as well as Google’s Nexus 6P phones.

Hacking iPhone 6S

The Project Zero Contest — Google will Pay you $200,000 to Hack Android OS

Why waiting for researchers and bug hunters to know vulnerabilities in your products, when you can just throw a contest for that.

Google has launched its own Android hacking contest with the first prize winner receiving $200,000 in cash.

That’s a Hefty Sum!

The contest is a way to find and destroy dangerous Android vulnerabilities before hackers exploit them in the wild.
<!– adsense –>

Google Patches Critical Remotely-exploitable Flaws in Latest Android Update

Google has released the February Security Update for Android that patches multiple security vulnerabilities discovered in the latest version of Android operating system.
In total, there were five “critical” security vulnerabilities fixed in the release along with four “high” severity and one merely “moderate” issues.

Remote Code Execution Flaw in WiFi

A set of two critical vulnerabilities has been found in the Broadcom WiFi driver that could be exploited by attackers to perform Remote Code Execution (RCE) on affected Android devices when connected to the same network as the attacker.
The vulnerabilities (CVE-2016-0801 and CVE-2016-0802) can be exploited by sending specially crafted wireless control message packets that can corrupt kernel memory, potentially leading to remote code execution at the kernel level.

“These vulnerabilities can be triggered when the attacker and the victim are associated with the same network,” reads the advisory. “This issue is rated as a Critical severity due to the possibility of remote code execution in the context of the kernel without requiring user interaction.”

Remote Code Execution Flaw in Mediaserver

Another set of two critical security vulnerabilities were discovered in Mediaserver that was targeted last summer by critical Stagefright vulnerabilities and exploits, allowing anyone to compromise an Android device by sending just a specially crafted MMS message.
The recently discovered flaws (CVE-2016-0803 and CVE-2016-0804) in Mediaserver could enable remote code execution (RCE) on affected Android devices through email, web browsing, or MMS files when processing media files.
Moreover, a separate vulnerability called elevation of privilege (CVE-2016-0810) was also discovered in Mediaserver that could be exploited to gain elevated capabilities, including Signature or SignatureOrSystem permissions privileges, that aren’t accessible to third-party apps.
Two Elevation of Privilege vulnerabilities has also been found in Qualcomm components: the Qualcomm Performance Module (CVE-2016-0805) and the Qualcomm Wi-Fi Driver (CVE-2016-0806). Both the flaws, rated as critical, leveraged an attacker to launch further attacks.
Another critically rated bug (CVE-2016-0807) discovered in the Debuggerd component could open the door to execute arbitrary code within the device’s root level. Debuggerd is a software tool used for debugging and analyzing Android crashes.

Other high severity bugs include:

  • An elevation of privilege vulnerability in the Android Wi-Fi component
  • A denial-of-service vulnerability in the Minikin library
  • An information disclosure bug in libmediaplayerservice
The final set of vulnerabilities is an Elevation of Privilege flaw in Setup Wizard that could allow a hacker to bypass the Factory Reset Protection and gain access to the affected device.
All the Security patches are currently made available for Nexus devices only. Google also shared the patches with carrier and manufacturer partners on January 4, but users of other Android devices should have to wait until their devices receive an update.
Nexus device users are advised to patch the flaws by flashing their devices to this new build immediately. Users can also wait for the OTA (Over-the-Air) update that will be out in the next week or so.