Security flaws in Lenovo VIBE devices let a local attacker become root

Lenovo VIBE devices are vulnerable to a chain of three flaws that lets an attacker with local access become 'root', the highest-privileged user, and take full control of the device.
Mandiant's Red Team has published the full technical details of the vulnerabilities, together with the steps needed to take control of a device. The team reported the issues to Lenovo security in May 2016; the report was redirected to Motorola security, as Lenovo's mobile business had been folded into Motorola after the acquisition. The team identified three vulnerabilities:

  • Local backups enabled in Lenovo “Security” application (CVE-2017-3750)
  • Local backups enabled in Lenovo “Idea Friend” application (CVE-2017-3749)
  • Improper access controls in “nac_server” binary (CVE-2017-3748)

How the three flaws fit together
CVE-2017-3748 - Improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or 'jailbreaking' a device).
CVE-2017-3749 - The Idea Friend Android application allows its private data to be backed up and restored via Android Debug Bridge (ADB), so an attacker can tamper with that data; in conjunction with CVE-2017-3748 and CVE-2017-3750 this leads to privilege escalation.
CVE-2017-3750 - The Lenovo Security Android application likewise allows its private data to be backed up and restored via ADB, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748.

Which devices are affected by these vulnerabilities?
Lenovo has stated that only devices still running Android 5.x (Lollipop) are vulnerable to these flaws. Lenovo's advisory lists the affected models.

What is the solution provided by Motorola/Lenovo?
Motorola started working on a fix as soon as it received the details of the flaws. It has since updated its security process and released an OTA update that closes the chain.

How can an attacker use these flaws?
The described exploit chain requires local, physical access to the device: two of the three steps go through ADB backup and restore, so the attacker needs a device they can connect to and operate. It is not remotely exploitable. Users are nevertheless advised to install the latest software update provided by Lenovo as soon as possible.

Who discovered this security flaw?
Jake Valletta (@jake_valletta) of Mandiant's Red Team.

What can a user do to stay safe?
The chain can only be run against a device the attacker can get into, so protect the device with a screen lock (PIN, pattern or password), keep USB debugging turned off when it is not needed, and install the OTA update.
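The "local backups enabled" condition behind CVE-2017-3749 and CVE-2017-3750 is the generic Android misconfiguration in which an app's manifest leaves android:allowBackup at its default of true, so adb backup can export the app's private data and adb restore can write tampered data back. The script below is an added example (not Mandiant's, Lenovo's or Motorola's code) that audits a decoded AndroidManifest.xml for that exposure and shows the hardened manifest beside the weak one. The package name com.example.vendorapp and the manifest contents are constructed samples, not taken from the affected apps.

```python
"""Audit a decoded AndroidManifest.xml for the ADB backup/restore exposure.

Added example: not code from the Lenovo advisory or Mandiant's write-up.
The manifests at the bottom are constructed samples with a hypothetical
package name.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Keep the conventional "android:" prefix when we serialise a manifest back out.
ET.register_namespace("android", ANDROID_NS)


def _a(attr):
    """Fully qualified name of an attribute in the android: namespace."""
    return "{%s}%s" % (ANDROID_NS, attr)


def backup_exposure(manifest_xml):
    """Decide whether `adb backup` / `adb restore` can reach the app's private data.

    Rules (Android's documented behaviour):
      * android:allowBackup defaults to true when the attribute is absent.
      * From targetSdkVersion 31 (Android 12) adb backup skips app data
        unless the app is also marked android:debuggable="true".
    Returns a dict so callers can report each contributing factor.
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")

    raw = app.get(_a("allowBackup"))
    allow_backup = True if raw is None else raw.strip().lower() == "true"
    debuggable = (app.get(_a("debuggable")) or "false").strip().lower() == "true"

    uses_sdk = root.find("uses-sdk")
    target_sdk = 1
    if uses_sdk is not None:
        target_sdk = int(uses_sdk.get(_a("targetSdkVersion"), "1"))

    exposed = allow_backup and (target_sdk < 31 or debuggable)
    return {
        "package": root.get("package", ""),
        "allow_backup": allow_backup,
        "allow_backup_explicit": raw is not None,
        "debuggable": debuggable,
        "target_sdk": target_sdk,
        "adb_backup_exposed": exposed,
    }


def harden_manifest(manifest_xml):
    """Return the manifest with android:allowBackup explicitly set to "false".

    Setting the attribute explicitly (rather than relying on the default)
    is the fix for the backup half of the chain described in the article.
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    app.set(_a("allowBackup"), "false")
    return ET.tostring(root, encoding="unicode")


# Constructed sample: a Lollipop-era app that never set allowBackup (weak).
VULNERABLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vendorapp">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="22"/>
  <application android:label="Vendor App">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

# Same app with the attribute pinned to false (corrected).
HARDENED_MANIFEST = harden_manifest(VULNERABLE_MANIFEST)


if __name__ == "__main__":
    for label, manifest in (("before", VULNERABLE_MANIFEST), ("after", HARDENED_MANIFEST)):
        print(label, backup_exposure(manifest))
```

Run the script as-is to see the before/after verdicts; point backup_exposure at a manifest decoded from a real APK (for example with apktool) to audit a device's vendor apps. Note that an absent attribute is reported as exposed, because the Android default is to allow backup.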
Source: Mandiant's Red team
