Nus trivia News a.i. video




Carrie Lam shouted down by pro-democracy lawmakers on floor of Hong Kong parliament

Lenovo's Thinkpad X1 foldable laptop will get bent out of shape before Surface Neo

Google Pixel 4 vs Pixel 3: what upgrades does Google's newest phone bring?

Elon Musk reportedly testified that he's low on cash and assets that could quickly be turned into cash

Fake iOS jailbreak could be putting iPhone users at risk

I took some photos with Google's new Pixel 4 smartphone — here are some samples from its camera

NASA charged taxpayers $5M for SpaceX safety review after Elon Musk got high

Microsoft Office now supports dark mode for iPhone and iPad

Luna Display adds new Mac-to-Mac mode as it competes with Apple’s Sidecar feature - 9to5Mac

Galaxy S11 leak hints at a taller 20:9 display - Android Central

SpaceX may want to launch 42,000 internet satellites — about 5 times more spacecraft than humanity has ever flown

How to stop a workout on your Apple Watch automatically or manually

NASA Engineer Has A Great Idea for a High-Speed Spacedrive. Too Bad it Violates the Laws of Physics - Universe Today

How to set the time on an Apple Watch manually, and even make it different from the time on your iPhone

Google reportedly won’t sell Pixel 4 in India due to Motion Sense radar spectrum issues

BBC winds down its in-house VR production team

Google keeps adding Pixel features it claimed it didn’t need

The new Google Assistant doesn't support button navigation, to the dismay of users

Future of SpaceX Starlink and Starships

Microsoft launches new open-source projects around Kubernetes and microservices

Zero-day exploits found in Android VoIP - TechRadar

Date published: 2019-10-09
Originally published: Here. Excerpt below.


Chinese researchers have found no less than nine zero-day vulnerabilities in how Android handles VoIP in its more recent versions.
The researchers stated that most security investigations focus on network infrastructure and apps, whereas they decided to look at Android’s VoIP integration. 
What they found were flaws that could allow a malicious user to:
The main problem areas were the VoLTE and VoWiFi functions of Android.
The researchers submitted their findings to Google, who confirmed them with bug bounty awards.
The flaws were discovered through a novel combination of on-device Intent/API fuzzing, network-side packet fuzzing, and targeted code auditing.
They discovered that the problems were present from Android version 7.0 to the more recent 9.0, two-thirds of which could be exploited by a network-side adversary due to incompatible processing between VoIP and PSTN calls.
According to the researchers, the security consequences of the vulnerabilities are "serious", though Google is shortly expected to release a patch.
However, it's not the first time VoIP vulnerabilities have made the headlines in recent weeks. A report last month found that telecoms giant Avaya had failed to apply a patch to a known vulnerability in its own phone system, even though it was made available 10 years ago.
The news comes only days after we reported on a zero-day exploit in the Android kernel, which could allow a malicious hacker to gain root access to Android phones.
This vulnerability was patched in Android, kernel versions 3.18, 4.14, 4.4 and 4.9, but not in more recent ones.
The problem for users is that Google's Threat Analysis Group (TAG) confirmed that this vulnerability had already been used in real-world attacks. However, it does require a malicious app to already be installed and running on the user's phone.
Via ZDNet ...


Related stories


Android Circuit: New Samsung Galaxy Leaks, Stunning OnePlus 7T Pro, Microsoft's Android Surprise - Forbes


Android users warned to delete these 15 apps immediately - Cornwall Live


Explore more stories...

Continue reading story: Here.

Today's top stories on a.i.video


Other trending stories



Tell us what you think!


Could your next smartwatch replace your phone? - TechRadar https://t.co/oPECxX1hLY #Apple #Watch #Zhang #tech pic.twitter.com/WucJYsIDOC

— NUS Trivia | tech news (@NusTrivia) October 9, 2019