20 December 2017
Affecting handsets with Qualcomm modem chipsets (80% of Android phones), the QuadRooter vulnerability is introduced when a user downloads a malicious application on their Android device. Doing so allows the device to be taken over remotely by escalating the privileges of the installed app, and would also provide access to data and GPS location. The exploit was discovered by Israeli security firm Check Point, and is unusual in that each phone maker had to provide its own individual patch to fix the flaw. This further delayed the resolution of the problem, and affected many Android users.
With further consideration given to secure coding during development, and with employees undergoing secure coding training through the completion of a secure coding course, this vulnerability could have been avoided.
Like the QuadRooter vulnerability, the Certifi-gate flaw was also discovered by Check Point. The Certifi-gate flaw is a vulnerability in two mobile Remote Support Tool plug-ins used by a variety of handset makers, including Samsung, LG, HTC, Huawei and ZTE, on handsets running Android versions up to 5.1. The vulnerability is exploited by disguising a malicious application as a remote support application, such as Rsupport, CommuniTake Remote Care and TeamViewer. An attacker could use this method to elevate their permissions on the handset and gain complete remote access.
‘Stagefright’ MMS exploit
The Stagefright vulnerability works by sending a malicious video via MMS to an Android handset. Without any user interaction, the malicious code within the video would execute automatically before deleting itself from the device. At the time the flaw was recognised and made public, it affected around 95 percent of Android users.
With the ever-increasing risk of falling victim to hackers, it is essential that application security through secure coding becomes a priority. Something as simple as understanding the basics of secure coding through secure coding training can be all it takes to prevent online hackers from gaining access to your system through security flaws. To find out more about opportunities for secure coding courses, visit JBI.