Loading the content... Loading depends on your connection speed!

360 mobile phone guards team at syscan360 analysis of google badkernel vulnerability

QQ, QQ space, Jingdong and other APP are we often use, in the absence of experience cottage, did not encounter a virus, you may sweep the two-dimensional code or point a friend circle link can automatically transfer, Yes, the BadKernel vulnerability makes this possible.

On November 25, at the last hacking conference of the security circle this year, Gong Guanghe and Deng Yuan, security researcher of 360 mobile phone guards, analyzed the BadKernel, which had caused global concern and affected hundreds of millions of users Of the loopholes.

360 security guards security researcher SyScan360 analysis of hundreds of millions of users of vulnerability

This year in August, 360 mobile phone guard Alpha team first discovered the BadKernel vulnerability, and submitted to the Google related reports. According to reports, the vulnerability exists in a specific version of the V8 browser engine, because Tencent’s X5 kernel is based on the vulnerability version of the V8 engine customization, the use of X5 core applications may be affected by this vulnerability, causing domestic and foreign media As well as security companies of widespread concern.

The 2016 SyScan360, 360 mobile guards security researcher Gong Guang and Deng Yuan again for the guests depth analysis of the BadKernel vulnerability. In fact, the BadKernel vulnerability is caused by a clerical error in the source code that can easily lead to the disclosure of key object information, which in turn leads to arbitrary code execution. Because Chrome V8 as an open source high-performance JS engine, almost monopolized the App market, as an essential component of web browsing, the existence of the vulnerability also affected a wide range.

Chrome Mobile, Opera Mobile, and Android 4.4.4 to 5.1 version of the system based on the development of the WebView control of mobile phone App may be affected by the vulnerability, prevalent in including LG, Samsung, Motorola, Huawei, HTC and other popular mobile phones. It is estimated that around the world every about sixteen Android phones, there is a vulnerability affected by BadKernel. WeChat, mobile QQ, QQ space, Jingdong, 58 city, Sohu video, Sina news using X5 kernel applications are also threatened, directly affect the security of hundreds of millions of users. Speech, 360 mobile phone guards security researcher also introduced some of the characteristics of JavaScript vulnerable to attack and V8 analysis and debugging skills for the participants to bring practical dry goods.

360 mobile phone guards team at syscan360 analysis of google badkernel vulnerability

It is reported that the two security researchers attending the SyScan360 are part of the 360 mobile phone guards Alpha team. In recent years, 360 mobile guards Alpha team members in BlackHat, CanSecWest, SysCan360, PHDays, MOSEC, PacSec and other international security conference, delivered a speech on the topic; and Pwnfest on the world’s first break Pixel, Pwn2Own 2016 successfully break the Chrome browser, In the Pwn0Rama 2016 successfully break the Nexus 6p mobile phone, Pwn2own Mobile 2015 successfully break the Nexus 6 phone.

At the same time, 360 mobile phone guards Alpha team is committed to providing mobile phone guards security research support and achievement transformation, is committed to Android system vulnerabilities and mobile browser exploits and exploits. So far, the Alpha team has found 28 vulnerabilities, the cumulative public recognition of Google received 13 times, but also the previous hacker contest “Grand Slam” team.

The topics covered in the 2016 SyScan360 conference covered topics such as Mac OS, iOS, medical device security, windows kernel security, the latest browser attack technology, bank security, chip security, php security, malware classification, digital TV security, car safety and many more. Also as the organizers of the original intention, 360 mobile phone guards team constantly digging and exploiting system vulnerabilities, is to use mobile phones more secure environment.

Leave a Comment