Lenovo Vibe Phones Affected by Critical Vulnerability Spotted by FireEye's Mandiant

Share on Facebook Tweet Share Reddit Comment
Lenovo Vibe Phones Affected by Critical Vulnerability Spotted by FireEye's Mandiant
Highlights
  • Research firm Mandiant informed Lenovo about this last year
  • The fix is now available for select Vibe phones
  • It is recommended that you download the security patch soon

American cyber-security firm FireEye, specifically its Mandiant unit, discovered a critical vulnerability in the Lenovo Vibe P1 smartphone last year that allowed hackers to gain root access to the smartphone. The company informed Lenovo about it soon after, and now a security fix has finally been rolled out to compatible phones.

Lenovo has acknowledged the vulnerability, and it notes that the flaw "allows the user or an attacker with physical possession of a device that is not protected with a secure lock screen, e.g. PIN/ Password, to elevate privileges to the root user (commonly known as 'rooting' or 'jailbreaking' a device) with the ability to modify the device’s operation and functionality in myriad ways.” The fix has been rolled out to a subset of Lenovo Vibe phones, and it is recommended to be installed immediately, specifically on smartphones running on versions earlier than Android 6.0 Marshmallow.

The Chinese consumer electronics giant has also noted some mitigation strategies for users with older Android versions, and this includes disabling the Android Debug Bridge option from the Android Developer Options menu on the smartphone. They’ve also urged these users to enable lock screen authentication mechanisms like a PIN or password protection.

If you own a Lenovo Vibe phone, check for an update by heading to Settings > About Phone > System updates. All the affected devices are listed here. There are also a number of listed phones that don’t have any software fix, and they are forced to only resort to mitigation strategies listed above.

For this exploit to work, physical access to the device is necessary, therefore you may not see the exploit "in the wild". However, as privacy is paramount, it is recommended to update compatible devices to the most recent software package or protect their devices using strong lock screen settings.

  • Design
  • Display
  • Software
  • Performance
  • Battery Life
  • Camera
  • Value for Money
  • Good
  • Great battery life
  • Good performance and features
  • Improved software
  • Decent display
  • Bad
  • Heavy and aesthetically average
  • Camera has some problems
  • Fingerprint sensor is limited in function
Display5.50-inch
ProcessorQualcomm Snapdragon 615
Front Camera5-megapixel
Rear Camera13-megapixel
RAM2GB
Storage32GB
Battery Capacity4900mAh
OSAndroid 5.1.1
Resolution1080x1920 pixels
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Tasneem Akolawala When not expelling tech wisdom, Tasneem feeds on good stories that strike on all those emotional chords. She loves road trips, a good laugh, and interesting people. She binges on movies, sitcoms, food, books, and DIY videos. More
New Firewall Claimed to Better Protect Android Devices From Threats
Petya Ransomware a 'Ruse' to Hide Cyber-Attack Culprit, Claim Researchers
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.