Be smart with security
-Tuner_desk
Today, smartphone has became an inevitable one in our routine life. Unlike other technologies, what made the technology to stand unique. Because, the big box of online, which can be informally called as Laptop too stands behind it. It all happened, when the tech giant google made the android operating system as simple, collective and a little secure. Yes, smartphones are not completely secure. Also, the security drop is not alone because of user, it is too because of the manufacturer, who releases the smartphones with unpatched vulnerabilities. In that way, recent advisory report from Lenovo on vulnerable flaws in vibe phones founds to be shocking and risky. Yesterday, Lenovo has released a security advisory 'LEN- 15823' describing three vulnerable flaws in Lenovo vibe which could allow the attackers to access the files of the users through root privilege access. Fortunately, the flaws are opened in unprotected smartphones. It means, smartphones without any security as pin or pattern lock screen are just like open ports, which could allow an actor to gain physical access of data with root access. Through those flaws, the attackers could even control the victim's smartphone. Flaws on vibe: According to the advisory, the below mentioned vulnerabilities are found in vibe smartphones. 1. CVE-2017-3748 - Through this flaw, the actor would be able to gain improper access controls on the nac_server component. Also, it is learnt that this flaw can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user. To be precise, this flaw could jailbreak the device and allow access to victim's credentials. 2.CVE-2017-3749 - By exploiting this flaw, Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.3. CVE-2017-3750 - The Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748. Along with the flaws, the firm suggested few things to avoid Cyber threat: According to the report, the first and foremost request to the users is not to root the smartphone, as it may cause potential damage. Also, ensure that, you have locked your smartphone with pin or password. Besides this, users using older versions of android before marshmallow are asked to take the following actions in the smartphone: * Ensure that, you have enabled android developer option menu in the device and disable ADB, when not in use. *Don't forget to lock screen authentication mechanism. *Also, if the updates are available, users are asked to install the updates through software update option available on the about phone menu in settings tab.
