Trustlook Releases ADUPS Vulnerability Detector

Trustlook has released a new feature in its Trustlook Mobile Security app that identifies the presence of rogue firmware from Shanghai ADUPS Technology Co. This potentially dangerous firmware comes pre-installed on some Android phones, and can monitor text messages, phone call histories, and details of how the phone is being used all without the user’s permission.

Until now, there was no easy way for users to check for this vulnerability. Only the most technically sophisticated users could identify the threat by observing the network traffic. Now, Trustlook is providing an easy-to-use, single-click ADUPS Vulnerability detector within the Trustlook Mobile Security app.

The Trustlook Mobile Security app is available to download for free from Google Play. It currently checks for all known versions of the ADUPS system apps that conduct aggressive data collection, with more being added as they are discovered.

We have also created an infographic with more details on the ADUPS threat.

Trustlook Mobile Security SDK Whitepaper Now Available

The Trustlook Mobile Security SDK is a robust, feature-packed, and multi-layered security framework for building mobile security apps. Learn how you can use the SDK to build your security app with the newly release whitepaper. See how GO Security was able to use Trustlook’s SDK to build one of the most popular security app in the Google Play store.

Download here:
http://www.trustlook.com/sdk_whitepaper/

Trustlook Sentinel Whitepaper Now Available!

Are you interested in learning more about one of the most groundbreaking technologies in mobile security?

Trustlook Sentinel is the first ever 100% behavioral based malware detection engine built into the operating system of a mobile device. It’s provides real-time zero day detection of malware. Download the whitepaper here and discover when Sentinel is considered a game changer in security. >>

Oops! BadKernel Now Affects 100 Million, Not 30 Million

We reported last week that BadKernel, a flaw in the Google Chromium mobile browser framework that spreads as users click on malicious links, affects 30 million Android users. However, from our internal reporting over the past few days, it’s clear that the actual number is much higher. Our new estimate is that BadKernel now impacts 100 million Android users. This is about 7% of the total Android user base.

Trustlook has released a new feature in its Trustlook Mobile Security  app that detects BadKernel. You are encouraged to scan your phone today and see if you are impacted.

Trustlook Releases BadKernel Vulnerability Detector

An Updated Version (Version 3.5.10) of the Trustlook Mobile Security App Identifies the BadKernel Issue Affecting 30 Million Android Users

Trustlook has released a new feature in its Trustlook Mobile Security app that detects BadKernel, the widespread vulnerability affecting millions of Android devices.

First discovered in August 2016, BadKernel is a flaw in the Google Chromium mobile browser framework that spreads as users click on malicious links. Users of older versions of Chromium-powered mobile browsers, as well as applications with embedded Webview (such as the massively popular WeChat app) may be vulnerable. If infected, a user’s contacts and text messages could be exposed, as well as any payment passwords.

To determine if your device is vulnerable to this threat, open the Trustlook Mobile Security app, navigate to the BadKernel Vulnerability detector on the main screen, and click “Check it Now.” If you are exposed, you can update your browser software.

Screenshot_2016-08-26-11-50-26         Screenshot_2016-08-26-11-50-33
The BadKernel vulnerability impacts an estimated 30 million Android smartphones and tablets. The flaw involves a bug in the source code of Google’s V8 JavaScript Engine, which is a component of the open-source Chromium. An attacker can exploit this flaw to cause key object information leakage.

Since many phones are not using the most current browser software, this zero-day attack could be used widely. Trustlook encourages users to run a quick scan of their phone and update their browser if they are affected. In addition, Trustlook suggests users not click on random links or links that appear suspicious. They also stress users keep their apps and OS updated, and continually monitor their device for any potential issues.

To check if your Android device is affected by the BadKernel vulnerability, please download the Trustlook Mobile Security app.

Trustlook App Detects Qualcomm QuadRooter Vulnerability

Trustlook released a free Qualcomm QuadRooter Scanner application (available on Google Play) that enables Android phone owners to check if they are exposed to QuadRooter, the widespread vulnerability affecting millions of Android devices. If their device is exposed, the user may be able to download a software update from the device manufacturer that contains a security patch.

First detailed by security researchers at Check Point at DEFCON 24 in August 2016, QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. In total, Check Point estimates that 900 million Android smartphones and tablets could be affected.

If any one of the four vulnerabilities is exploited, third party apps could gain special system privileges, or access to a user’s SMS database or phone history, without a user’s knowledge. Access could also provide an attacker with capabilities such as keylogging, GPS tracking, and recording video and audio.

Trustlook is working on providing detection against any additional Qualcomm vulnerabilities that may occur. Any user with a Qualcomm powered mobile device or tablet is encouraged to continually monitor their device.

Download the free QuadRooter Scanner app here.