New Major Vulnerabilities Found In LG, ASUS & Chinese Phones

Cybersecurity researchers discovered 47 new major vulnerabilities of Android-based firmware and default apps of 25 smartphones from LG Electronics, ASUS, and a number of other original equipment manufacturers, many of which are based in China. The findings that were presented at the latest edition of Las Vegas, Nevada-based Def Con conference encompass a wide variety of issues, ranging from potential privacy vulnerabilities to openings for full-fledged remote code execution. Four handsets from ZTE were found to be affected by some of the discovered problems, though only two were previously sold in the United States - the ZTE Blade Spark and Blade Vantage. Sony's Xperia L1 was also on the list of vulnerable devices, being affected by one exploit that can allow attackers to screenshot its notification bar.

A similar issue was found inside the Android Oreo implementation running on the Nokia 6, but not the variant that's sold in the U.S. ASUS, Alcatel, Vivo, OPPO, Essential, DOOGEE, LEAGOO, MXQ, Orbic, SKY, Coolpad, and Plum were also listed among the manufacturers that have some patching work to do in the future, provided they choose to address the new discoveries. IoT security company Kryptowire is credited with the findings that it hunted for in order to fulfill a grant given by the U.S. Department of Homeland Security.

While state-sponsored, the study isn't meant to be reflective of the federal government's stances on the state of mobile security. Regardless, with ZTE being one of the more high-profile names on the newly published list, the development marks yet another occasion on which the company's devices were presented as posing a potential security risk to American consumers. Refer to the banner below for a full list of at-risk Android devices discovered by Kryptowire. Administrators with affected devices being active in their ecosystems are advised to take immediate action to mitigate the risk of having their users compromised as it's currently unclear whether any of the listed manufacturers will be addressing the discovered vulnerabilities in the immediate future.

You May Like These
More Like This:
About the Author
2018/10/2018-10-23.jpg

Dominik Bosnjak

Head Editor
Dominik started at AndroidHeadlines in 2016 and is the Head Editor of the site today. He’s approaching his first full decade in the media industry, with his background being primarily in technology, gaming, and entertainment. These days, his focus is more on the political side of the tech game, as well as data privacy issues, with him looking at both of those through the prism of Android. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now