25 Smartphone Models Found Shipping With Severe Firmware Flaws: Defcon 2018
This year’s Defcon witnessed many interesting events, including the hacking of voting machines by 11-year-olds and macOS’s vulnerabilities to grant permissions to Malware with the help of invisible clicks.
In another interesting event at Defcon 2018, security researchers from US Mobile and IoT security firm Kryptowire have unearthed the fact that the default apps of 25 Android smartphone models are affected by about 47 vulnerabilities. 11 of the affected smartphones are sold in the US.
These vulnerabilities have been found in some of the big OEM brands. Not only some default apps have issues, but vulnerabilities have also been found in the firmware of core device drivers. In the case of firmware, drivers cannot be removed without affecting the phone’s core functionalities.
Some vulnerabilities involve crashing of devices while other could allow an attacker to send and receive text messages from user’s phone, obtain the affected users’ contact list, record phone screen, grant permissions to install third-party apps without letting users know and even wipe out the device’s entire data.
List of Affected OEM’s
Smartphones from small as well as big OEMs are under the radar. OEMs such as ZTE, Leagoo, and Doogee have been included in the list of insecure Android device manufacturers previously as well. Leagoo and Doogee have been reported to come preinstalled with apps that have banking trojans.
Here is a list of all the affected smartphone models.
- ZTE ZMAX Pro
- ZTE ZMAX Champ
- ZTE Blade Spark
- ZTE Blade Vantage
- Vivo V7
- Sony Xperia L1
- SKY Elite 6.0L+
- Plum Compass
- Orbic Wonder
- Oppo F5
- Nokia 6 TA-1025
- MXQ TV Box
- LG G6
- Leagoo P1
- Leagoo Z5C
- Doogee X5
- Coolpad Revvl Plus
- Coolpad Canvas
- Coolpad Defiant
- Asus Zenfone 3 Max
- Asus Zenfone V Live
- Alcatel A30
Does your smartphone feature in this list? Tell us in the comments.
- Cyber Incident Response Consultant, Italy
- Up to €60,000
Cyber Incident Response Consultant, Italy Up to €60,000 Cyber Incident Response Consultant is needed to join a global consultancy whose cyber business unit are continuing to their investment in the growth of their team. The Cyber Incident Response Consultant role is client facing that will join an award-winning team that deliver varied, interesting and often challenging work to a wide range of prestigious clients. The Cyber Incident Response Consultant MUST have current experience taking a client through the complete IR / triage process and have a blend of both technical and commercial (identifying and developing new business opportunities within a client) Proactive Incident response, forensics and eDiscovery experience is a MUST. The Cyber Incident Response Consultant must be happy to travel. Key attributes should also include; stakeholder engagement, mentoring of team members, a collaborative working style. Technical experience must include; demonstrable experience within an cyber incident response, Forensic, cyber etc. Additional certifications could / should include GIAC certified (Intrusion analyst, incident handler, forensic handler) Any of the following are very desirable also CREST Certified Network Intrusion Analyst (CCNIA) CREST Certified Host Intrusion Analyst (CCHIA) CREST Certified Malware Reverse Engineer (CCMRE) CREST Practitioner Intrusion Analyst (CPIA) Career development and the opportunity to influence, apply today for more information.
- Data Consultant
- Up to £90,000 Base
Data Consultant Location: London Salary: Up to £90,000 basic DD7692 A leading Google Cloud Platform (GCP) Provider who is looking for a Data Consultant, based in London. Experience with GCP or other similar platforms (AWS, AZURE etc), experience with GCP technologies as well as experience with Machine Learning, Data Mining and Data Analytics. The Data Consultant will be responsible for design solutions for customers and providing technical knowledge in customer meetings. Ideally, the Data Consultant will have experience transforming the way companies work by building company-centric solutions on the Google Cloud Platform or similar cloud platforms. Our client is a Premier Google Cloud Partner, offering an exciting opportunity to work with innovative technology whilst giving you the chance to grow and develop your career. You will have the opportunity to benefit from a number of training courses at several Google locations.
- Senior Delivery Consultant Emerging Technologies
Senior Delivery Consultant Emerging Technologies The Senior Delivery Consultant will work on pure retained executive search mandates in the emerging technology sector. The Senior Delivery Consultant will work closely with the practice lead to complete research and deliver the assignment to completion. This is a senior role with both client and candidate contact, although you will not have a fee generation target. A generous commission structure will exist linked to the successful delivery of assignments. Come and work for a business where the client is retained and you can focus 100% of your time and efforts headhunting the best talent out there in the market! Ref: AMSDC Salary: Dependant on Experience Location: Beckenham
- SOC Manager / Threat Hunting Service Lead, Cyber
- £85,000 +
REFCH7713 SOC Manager / Threat Hunting Service Lead, Cyber £85,000 + Bracknell SOC Manager / Threat Hunting service Lead needed- must be commutable to the Reading / Bracknell area. We are looking for a SOC Manager / Threat Hunting Service Lead to aid in building out a new SOC / Threat hunting (IR) service offering. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; Establishing the technical process, building operational capability, managing and hiring team, creation of policy/playbooks, fine turning of the go-to-market collateral etc. Apply today for more information or contact me directly on Chris.Holt@dclsearch.com or 07884666351 Cyber Security Jobs, Information Security Jobs, SOC Manager Jobs, SOC Jobs