Any Android Devices are at Risk to Chrome Exploits

Android-chrome-exploitA critical vulnerability in Chrome for Android has been reported that makes it possible for attackers to take over a device without notice. The vulnerability was demonstrated and tackled  at the MobilePwn2Own, PacSec conference in Tokyo where the researcher believes that the vulnerability affects no exceptions, all versions of Android capable of running the latest version of Chrome.

The Qihoo 360 researcher Guang Gong the one who showcased the exploit. The vulnerability is said to reside in JavaScript v8, which is the Google’s open source JavaScript engine and for the vulnerability to be exploited, users needs to be wisely  tricked to visit a malicious website using Chrome Web browser, sometimes it redirect the user.

Once the user goes to that page on the browser, the attacker  then be able to install an arbitrary application and gain the full privileges of the device. The researcher noted that the attack was “one shot exploit,” which essentially means that it takes just one vulnerability and is enough to perform the attack. The exploit worked on many other Android devices as well

What’s impressive thing about Guang’s exploit is that it was just one shot; most people these days have to do exploit several vulnerabilities before it gets the privileged access and load software without interaction.
android-vulnerability
Once the phone accessed the malicious website, the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone, without prior notice and consumer’s knowledge.

Working details of the vulnerability haven’t been disclosed yet and it is said that Google had been made aware of the vulnerability and started something to counterpart the issue.

At the same event at the demo, the two security researchers managed to trick the non-rooted  Samsung Galaxy S6, Galaxy S6 Edge, and the Galaxy Note 4 to connect to a compromised malicious base station and had the calls and messages go through it and as a result of which, a victim’s calls and messages could be intercepted.

As for the rooted Android devices, vulnerabilities come  just easily and without interaction. With rooted devices, viruses, malware, adware and other vulnerabilities are so much welcome, thus putting your Android device and your self at greater risk of insecurity and dangers.

Right Time, Right Place for the BlackBerry Priv to be at Market

Blackberry PrivThe app market is now fed up of scrupulous malware or security scare especially to Google Android which os becoming almost weekly basis. That’s why Google has vowed for monthly security updates on their Nexus phones  and is hoping that its hardware partners do the same.

It’s also the reason why now is the right time for the BlackBerry to make its entry into the Android market with its new bet, the BlackBerry Priv smartphone.

Details of the handset have been around for a while now, and definitely you can mostly expect what’s found in other flagship Android phones. One key difference are the keys, which is definite a BlackBerry trademark–the skide-out keyboard wĥich  has the presence of a physical qwerty keyboard testifies to that.

It’s basically the first BlackBerry phone to run on a third-party OS specifically, the Android 5.1.1 Lollipop.

However, the most interesting selling part is its Grsecurity enhancement feature which basically means that it’ll be much  better protected against a range of security threats than your average Android phone.

BlackBerry is bringing its “Root of Trust” to Android, keeping unique crypto keys at the hardware level as a base to build on, but still on its safety net, which makes the phone difficult to crack.
Another is BlackBerry’s Verified Boot and Secure Bootchain used to determine all layers, from hardware to software and the company also beefs up the Linux kernel used to enhance the security at the operating system level.

blackberry-chen

The company finally made a line in the sand early this week and imposed that all new Android 6.0 devices must support it although there’s a catch: If a device doesn’t meet certain performance requirements it can be exempted from full encryption by default.

However, users can always enable it themselves, but a default option is absolutely far better and safer, provided their handset performance isn’t too adversely affected.

While the Blackberry Priv itself may not stand out from the multitudes of high-end Android phones in the market these days, the security aspect can be their best asset at this time. Though BlackBerry is now considering an Android-based smartphones, it may not have a great impact on the crowd, and besides there are solid Android devices for every budget these days. However, this Priv has something we haven’t seen for quite some time now.

And BlackBerry is playing their card right, the more people hear about Google Android security scares, the more  BlackBerry’s security heritage and approach could bring a surprising number of handset sales, both to consumers and enterprise workers alike and that’s for sure.

And for its status if it can be rooted is still unknown at the moment, but considering its Android-based system, Android rooting is definitely possible. But at this moment, it’s absolutely something to eye on.