Tuesday, November 10, 2015

HOWTO : Quick Audit Your Android Devices

*** Google Play install is no longer supported by Google. The official site provides apk file download for installation. Make sure you enabled the "Unknown sources" at "Settings" -- "Security" before the install. ***

Recently, there are some famous vulnerabilities on Android devices from Android 4.x to 5.x as well as 6.x. Since not all the vendors of Android device will release the fixes, you can inspect your devices to see if they are vulnerable or not. If they are vulnerable, you can use it with care or change to other devices which have been fixed the vulnerabilities.

VTS for Android is an open source project which can scan for the following current vulnerabilities :

Zip Bug 8219321 / Master keys
Zip Bug 9695860
Jar Bug 13678484 / Android FakeID
CVE 2013-6282 / put/get_user
CVE_2011_1149 / PSNueter / Ashmem Exploit
CVE_2014_3153 / Futex bug / Towelroot
CVE 2014-3847 / WeakSauce
Stagefright bugs
x509 Serialization bug
PingPong root - CVE-2015-3636
Stagefright - CVE-2015-6602
Samsung Remote Code Execution as System

By the way, we should also beware of the adware too. Some adware can auto-root your Android devices and they are almost impossible to remove. For details, please refer to this article.

That's all! See you.

HOWTO : Audit Your Home Router

Recently, a lot of home routers have been compromised. However, vendors of home router will not disclose if the vulnerabilities have been fixed or not. If you are Android users and using wifi at home, you can audit your home router easily with RouterCheck which can be downloaded at Google Play.

This apps will check the router if the default username and password are in force or not. It will also check if your router has the known vulnerabilities or not.

It will not change any setting of your router but it has some information for you to improve the security of your router.

That's all! See you.