Skip to main content

More than half of Android devices are vulnerable by BadKernel Vulnerability

Release Date: 7 Oct 2016 1658 Views

In May 2015, a security bug in Google's V8 JavaScript engine was discovered and fixed. However, only in August 2016, Chinese information security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Google use V8 engine for the creation of mobile browsers and WebView Android components. Any app running on Android versions 4.4.4 to 5.1 system and uses the WebView component are also vulnerable. According to Google Play Developer Console, the distribution of platform versions 4.4.4 up to version 5.1 is about 62.7%, which is over 50% of Android device. HKCERT advices that users should keep the apps up-to-date and always install firmware with security update when it becomes available.

 

Figure 1: Distribution of platform Android by version

 

Affected Android Devices

All major smartphone vendors are affected by BadKernel flaw, such as LG, Samsung, Huawei, Motorola, etc. Here is the list, provided by Trustlook, to show affected android devices.

 

URL: http://www.trustlook.com/threat/badkernel/

 

Is my Android device at risk?

You can install the "BadKernel security scanner " app provided by Trustlook from the Google Play Store to check if your device is affected.

 

URL: https://play.google.com/store/apps/details?id=com.trustlook.antivirus&hl=en

 

 

BadKernel Vulnerability Check by mobile app

 

Users also can use mobile browser to check by below URL:

URL: http://www.trustlook.com/badkernel_checker

 

BadKernel Vulnerability Check by Web browser

 

Security Advice

Users are advised to install firmware with security update when it becomes available. Before the problem is fixed, users should stay vigilant on mobile app installation and updates.

  • Download and install the latest Android firmware updates as soon as they become available. These include important security updates that help keep your device and data protected.
  • Avoid side-loading Android apps (.APK files) or downloading apps from third-party sources. Instead, practice good app hygiene by downloading apps only from trusted vendor in Google Play.
  • Do not use unknown public Wi-Fi networks to install and update Android apps.
  • Use Android security apps to protect your devices to block the install of malicious and unwanted apps, even if they come from Google Play.

 

Reference: