LIVE Instructor-Led Courses
Dismiss
Secure Coding Course | 3 Android Security Vulnerabilities

10 January 2018

Secure Coding Course | 3 Android Security Vulnerabilities

QuadRooter flaw

Affecting handsets with Qaulcomm modem chipsets (80% of Android Phones), the QuadRooter vulnerability is introduced when a user downloads a malicious application on their Android device. Doing so would allow the device to be remotely taken control over by escalating the privileges of the installed app, and would also provide access to data and GPS location. The exploit was discovered by Israeli security firm Check Point, and is unusual in the way that each each phone maker had to provide their own individual patch the flaw. This further delayed the problem from being resolved, and affected many Android users.

With further consideration of secure coding taken into account during development, and having employees undergo secure coding training through the completion of a secure coding course, this vulnerability could have been avoided.

Certifi-gate vulnerability

Similarly to the QuadRooter vulnerability, the Certifi-gate flaw was also discovered by Check Point. The Certifi-gate flaw is a vulnerability in two mobile Remote Support Tool plug-ins used by a variety of handset makers, including Samsung, LG, HTC, Huawei and ZTE running Android versions up to 5.1. The vulnerability is exploited by masquerading a malicious application as a remote support application, like Rsupport, CommuniTake Remote Care and TeamViewer. An attacker could use this method to elevate their permissions on the handset and gain complete remote access.

‘Stagefright’ MMS exploit

The Stagefright vulnerability works by sending a malicious video via MMS to an android handset. Without any user interaction, the malicious code within the video would execute automatically before deleting itself off the device. At the time the flaw was recognised and made public, it affected around 95 percent of android users.


With the ever increasing risk falling victim to hackers, it is essential that application security through secure coding becomes a priority. Something as simple as understanding the basics of secure coding through secure coding training, can be all it takes to prevent online hackers from gaining access to your system through security flaws. To find out more about opportunities for secure coding courses, visit JBI.


For more more information about our range of courses: 

     - Python Course

     - BI Training

     - Agile Training Course

About the author: Craig Hartzel
Craig is a self-confessed geek who loves to play with and write about technology. Craig's especially interested in systems relating to e-commerce, automation, AI and Analytics.

CONTACT
+44 (0)20 8446 7555

[email protected]

SHARE

 

Copyright © 2023 JBI Training. All Rights Reserved.
JB International Training Ltd  -  Company Registration Number: 08458005
Registered Address: Wohl Enterprise Hub, 2B Redbourne Avenue, London, N3 2BS

Modern Slavery Statement & Corporate Policies | Terms & Conditions | Contact Us

POPULAR

Rust training course                                                                          React training course

Threat modelling training course   Python for data analysts training course

Power BI training course                                   Machine Learning training course

Spring Boot Microservices training course              Terraform training course

Kubernetes training course                                                            C++ training course

Power Automate training course                               Clean Code training course