BadKernel Vulnerability Affects One In 16 Android Smartphones (softpedia.com)
An anonymous reader writes from a report via Softpedia: A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Affected products included Google Chrome Mobile, Opera Mobile, apps that use the WebView component (Gmail, Facebook, Twitter, WeChat, etc.) and apps that deploy the Tencent X5.SDK (a bunch of Chinese apps). It is estimated that around one in 16 Android devices is vulnerable to this issue, nicknamed BadKernel. The flaw leads to an RCE on Android devices, allowing attackers to take full control over one's smartphone. Despite BadKernel being discovered in August 2016, because all research was only published in Chinese, most E.U. and U.S. users have no clue they might be affected. One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated. You can view this list via Trustlook's website to see if your device is affected. There's also a dedicated BadKernel security scanner you can download from the Play Store to check for the vulnerability.
One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated.
So how many of the devices listed are basically unsupported since initial sale and will never be updated?
I really wonder if things like this should be treated as manufacturing defects and since carriers and phone vendors don't seem to want to support these devices people should start bringing them back and getting them replaced for free as they are obviously defective.
I don't know warranty law, but maybe someone could chime in who has some idea, as it would seem that if these issues aren't fixed then the customer is due a replacement or refund because their device does have a manufacturing or design defect.
Time to offend someone
I don't know about you, but I don't think I'd trust the results of a security app made by a company I've never heard of before.