“In research funded by the US Department of Homeland Security, Kryptowire found apps secretly recording audio, changing phone settings without user permission and even granting themselves new permissions,” write C|Net journalists.
The vendors whose phones were found to contain flaws include industry leaders such as Samsung, Xiaomi, Asus and Sony.
Kryptowire ran the analysis with its own engine, covering modified versions of Android and original programs that are not part of the standard OS package. The experts focused on devices from 29 manufacturers on the US market.
“Testing revealed 146 vulnerabilities in them, almost a third of which are associated with escalation of privileges and enable third-party applications to gain unauthorized access to the system settings,” say the researchers.
A large group of bugs is related to bypassing Android security boundaries. The researchers found 34 applications that can install third-party programs on the device without checking the digital signature. Another 30 system utilities allow third-party products to be launched with extended privileges, regardless of the permissions granted to them. Other vulnerabilities include the ability to change settings through a wireless connection, unauthorized use of the microphone, and dynamic downloading of third-party code.
The largest number of bugs, 33, was found in the firmware of Samsung phones; ASUS devices came second with 26 vulnerabilities, and Xiaomi was third with 15.
Therefore, experts discovered and registered the following problems:
The experts informed the device manufacturers and the developers of the operating system of the identified vulnerabilities. In response, Google representatives said they highly appreciate the researchers' work in responsibly disclosing the bugs found.