The recent times have not been positive for the Android. The security flaws accumulate and are often beyond the control of Google, because they are associated to the hardware itself.
After last week, have been discovered that users ‘ data were being sent to China, there is now a new fault, which puts thousands of devices exposed to the installation of the malicious software.
The discovery of this new backdoor was made by the security company BitSight that, using a smartphone, BLU Studio G, was able to prove that there is a flaw in the firmware Ragentek that is installed, and that many manufacturers use in their equipment.
The discovery went further and proved, then, that the fault is on many other devices, all of them input range Android. These are the same that, last week, were the victims of another crash.
According to the company BitSight, these smartphones allow you to install software with elevated privileges, all thanks to a security flaw that is implemented in Ragentek and that allows access to updates via the form is not secure. These applications can then perform all sorts of data theft and the kidnapping of the devices for the purposes that the attackers need.
The list of devices affected by this failure is very large, with several chinese brands that they are exposed. The BitSight evaluated the requests addressed to two of the three domains that are registered in the firmware, which were not registered, and found that the great majority of the equipment did not identify the manufacturer. However, it was possible to notice that brands such as BLU, Doogee, Leagoo and Infinix have this problem.
The domains in question are oyag[.]lhzbdvm[.]with, oyag[.]prugskh[.]net and oyag[.]prugskh[.]with, which can help determine if the equipment is exposed to this new problem.
BitSight calculates that this failure is not intentional and is the result of a programming error, which should be easy to resolve. It is, however, the eternal problem of fragmentation of Android by resolve. The vast majority of the equipment currently allocated must not be updated, thereby becoming exposed to the problem.
via: BitSight
No comments:
Post a Comment