Tuesday, November 10, 2015

HOWTO : Quick Audit Your Android Devices

*** Google Play install is no longer supported by Google. The official site provides apk file download for installation. Make sure you enabled the "Unknown sources" at "Settings" -- "Security" before the install. ***

Recently, there are some famous vulnerabilities on Android devices from Android 4.x to 5.x as well as 6.x. Since not all the vendors of Android device will release the fixes, you can inspect your devices to see if they are vulnerable or not. If they are vulnerable, you can use it with care or change to other devices which have been fixed the vulnerabilities.

VTS for Android is an open source project which can scan for the following current vulnerabilities :

Zip Bug 8219321 / Master keys
Zip Bug 9695860
Jar Bug 13678484 / Android FakeID
CVE 2013-6282 / put/get_user
CVE_2011_1149 / PSNueter / Ashmem Exploit
CVE_2014_3153 / Futex bug / Towelroot
CVE 2014-3847 / WeakSauce
Stagefright bugs
x509 Serialization bug
PingPong root - CVE-2015-3636
Stagefright - CVE-2015-6602
Samsung Remote Code Execution as System

By the way, we should also beware of the adware too. Some adware can auto-root your Android devices and they are almost impossible to remove. For details, please refer to this article.

That's all! See you.