Oops! BadKernel Now Affects 100 Million, Not 30 Million

We reported last week that BadKernel, a flaw in the Google Chromium mobile browser framework that spreads as users click on malicious links, affects 30 million Android users. However, from our internal reporting over the past few days, it’s clear that the actual number is much higher. Our new estimate is that BadKernel now impacts 100 million Android users. This is about 7% of the total Android user base.

Trustlook has released a new feature in its Trustlook Mobile Security  app that detects BadKernel. You are encouraged to scan your phone today and see if you are impacted.

Trustlook Releases BadKernel Vulnerability Detector

An Updated Version (Version 3.5.10) of the Trustlook Mobile Security App Identifies the BadKernel Issue Affecting 30 Million Android Users

Trustlook has released a new feature in its Trustlook Mobile Security app that detects BadKernel, the widespread vulnerability affecting millions of Android devices.

First discovered in August 2016, BadKernel is a flaw in the Google Chromium mobile browser framework that spreads as users click on malicious links. Users of older versions of Chromium-powered mobile browsers, as well as applications with embedded Webview (such as the massively popular WeChat app) may be vulnerable. If infected, a user’s contacts and text messages could be exposed, as well as any payment passwords.

To determine if your device is vulnerable to this threat, open the Trustlook Mobile Security app, navigate to the BadKernel Vulnerability detector on the main screen, and click “Check it Now.” If you are exposed, you can update your browser software.

Screenshot_2016-08-26-11-50-26         Screenshot_2016-08-26-11-50-33
The BadKernel vulnerability impacts an estimated 30 million Android smartphones and tablets. The flaw involves a bug in the source code of Google’s V8 JavaScript Engine, which is a component of the open-source Chromium. An attacker can exploit this flaw to cause key object information leakage.

Since many phones are not using the most current browser software, this zero-day attack could be used widely. Trustlook encourages users to run a quick scan of their phone and update their browser if they are affected. In addition, Trustlook suggests users not click on random links or links that appear suspicious. They also stress users keep their apps and OS updated, and continually monitor their device for any potential issues.

To check if your Android device is affected by the BadKernel vulnerability, please download the Trustlook Mobile Security app.

Sony Mobile is Releasing a Fix for Qualcomm Quadrooter Vulnerability

Users of Sony smartphones can breathe a little easier. The company has announced that patches are being released that address the widespread Qualcomm QuadRooter vulnerability that impacts close to 900 million Android phone users.

Here is Sony Mobile’s official comment on the Quadrooter Android vulnerability:

“Sony Mobile takes the security and privacy of customer data very seriously. We are aware of the ‘Quadrooter’ vulnerability and are working to make the security patches available within normal and regular software maintenance, both directly to open-market devices and via our carrier partners, so timings can vary by region and/or operator. Consumers are recommended to continuously upgrade their phone software in order to optimize performance of their Xperia™ smartphone. Users can take steps to protect themselves by only downloading trusted applications from reputable application stores.”

Even with this news, all Android users are encouraged to check their device with the free QuadRooter Scanner app from Trustlook.


Trustlook Updates Qualcomm QuadRooter Scanner Android App

Trustlook has updated its popular Qualcomm QuadRooter Scanner App in an attempt to improve the app’s stability. QuadRooter is a set of four vulnerabilities (CVE-2016-2059, CVE-2016-2503, CVE-2016-2504, CVE-2016-5340, CVE-2016-2060) affecting an estimated 900 million Android smartphones and tablets built using Qualcomm chipsets. The key updates to the app are as follows:

1. Improved descriptions for QuadRooter-related vulnerabilities

2. Added more information on “What is QuadRooter?” and “How can I stay safe?”

3. Added details on each CVE (Common Vulnerabilities and Exposures) type related to QuadRooter

4. Updated design

5. Improved stability

Please visit the Google Play store to update to the latest version of the QuadRooter detection app.


Top 5 Ways to Protect Yourself Against Qualcomm’s QuadRooter Vulnerability

QuadRooter is a set of four vulnerabilities (CVE-2016-2059, CVE-2016-2503, CVE-2016-2504, CVE-2016-5340, CVE-2016-2060) affecting Android devices built using Qualcomm chipsets. It is estimated that a staggering 900 million Android smartphones and tablets could be affected. Here are 5 ways to protect yourself against this vulnerability.

1. The most important thing you can do is avoid the problem in the first place. Only download apps from known sources. In your Android device’s security settings, make sure you have unchecked “Unknown sources.” This way you will be alerted if you attempt to install an app from a potentially unsafe source.


2. Scan your Android mobile phone with the free Qualcomm QuadRooter Scanner app available from the Google Play store. The app is small (less than 2mb) and takes only a few seconds to run. In addition to the four QuadRooter vulnerabilities, this app also detects the Qualcomm Tether Controller Vulnerability (CVE-2016-2060).



3. Visit your phone manufacturer’s website for any available security patches, especially if you have one of the following highly-vulnerable devices:

  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • BlackBerry Priv
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra
  • Blackphone 1 and Blackphone 2

4. Make sure your Android device is running the most up-to-date operating system. That would be either 5.1.1 (Lollipop) or 6.0.1 (Marshmallow) depending on your device.

Screenshot_2016-08-10-17-16-20 (1)

5. Always have a mobile antivirus app installed on your Android device. Trustlook Antivirus and Mobile Security can be download for free from the Google Play store.

Screenshot_2016-08-10-17-18-05 (1)

Trustlook App Detects Qualcomm QuadRooter Vulnerability

Trustlook released a free Qualcomm QuadRooter Scanner application (available on Google Play) that enables Android phone owners to check if they are exposed to QuadRooter, the widespread vulnerability affecting millions of Android devices. If their device is exposed, the user may be able to download a software update from the device manufacturer that contains a security patch.

First detailed by security researchers at Check Point at DEFCON 24 in August 2016, QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. In total, Check Point estimates that 900 million Android smartphones and tablets could be affected.

If any one of the four vulnerabilities is exploited, third party apps could gain special system privileges, or access to a user’s SMS database or phone history, without a user’s knowledge. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.

Trustlook is working on providing detection against any additional Qualcomm vulnerabilities that may occur. Any user with a Qualcomm powered mobile device or tablet is encouraged to continually monitor their device.

Download the free QuadRooter Scanner app here.

Trustlook Announces the Release of Sentinel

Trustlook today announced a new, patent-pending approach to detecting and preventing malware on mobile devices. This new approach, named Trustlook Sentinel™, detects suspicious behavior at the ROM, or operating system level of a mobile device. With Sentinel, an additional layer of protection is built directly into the mobile device, becoming part of the operating system. By making security integral to the device, Trustlook minimizes the vulnerability window. Applications, and their behaviors, are continuously monitored as they are used on the device, enabling unwanted behavior to be detected and blocked as it is being attempted.

Watch the video to learn more about Trustlook Sentinel.