How smart are smartphones against hackers?

By Balamurugan Selvaraj Published on Jul 04, 2017 02:59 PM IST

Today, smartphones have become a part of our life. Unlike other technologies, this one is unique. Even laptop comes after this with tech giant Google making Android operating system simple, collective and a little secure. However, these smartphones are not completely secure. The security drop is not because of user, but because of manufacturers, who release these smartphones with unpatched vulnerabilities.

In that way, a recent advisory report from Lenovo on vulnerable flaws in Vibe phones was shocking. Yesterday, Lenovo released a security advisory 'LEN- 15823' describing three vulnerable flaws in Lenovo Vibe which could allow the attackers to access files of users through root privilege access.

Fortunately, the flaws are opened in unprotected smartphones. It means smartphones without any security as pin or pattern lock screen are just like open ports, which could allow an actor to gain physical access to data with root access. Through those flaws, the attackers could even control the victim's smartphone.

Flaws on Vibe:

According to the advisory, these vulnerabilities are found in Vibe smartphones:

1. CVE-2017-3748 - Through this flaw, the actor would be able to gain improper access controls on the nac_server component. Also, it is learnt that this flaw can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user. To be precise, this flaw could jailbreak the device and allow access to victim's credentials.

2. CVE-2017-3749 - By exploiting this flaw, Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.

3. CVE-2017-3750 - The Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748.

Along with the flaws, the firm suggested a few things to avoid cyber threat:

According to the report, the first and foremost request to users is not to root the smartphone, as it may cause potential damage. Also, ensure that you have locked your smartphone with pin or password. Besides this, people using older versions of Android before Marshmallow are asked to take the following actions in the smartphone:

* Ensure that, you have enabled Android developer option menu in the device and disable ADB, when not in use.

* Don't forget to lock screen authentication mechanism.

* Also, if the updates are available, users are asked to instal the updates through software update option available on the about phone menu in settings tab.