Lenovo Vibe Phones Affected by Critical Vulnerability Spotted by FireEye's Mandiant

Share on Facebook Tweet Snapchat Share Reddit Comment
Lenovo Vibe Phones Affected by Critical Vulnerability Spotted by FireEye's Mandiant
Highlights
  • Research firm Mandiant informed Lenovo about this last year
  • The fix is now available for select Vibe phones
  • It is recommended that you download the security patch soon

American cyber-security firm FireEye, specifically its Mandiant unit, discovered a critical vulnerability in the Lenovo Vibe P1 smartphone last year that allowed hackers to gain root access to the smartphone. The company informed Lenovo about it soon after, and now a security fix has finally been rolled out to compatible phones.

Lenovo has acknowledged the vulnerability, and it notes that the flaw "allows the user or an attacker with physical possession of a device that is not protected with a secure lock screen, e.g. PIN/ Password, to elevate privileges to the root user (commonly known as 'rooting' or 'jailbreaking' a device) with the ability to modify the device’s operation and functionality in myriad ways.” The fix has been rolled out to a subset of Lenovo Vibe phones, and it is recommended to be installed immediately, specifically on smartphones running on versions earlier than Android 6.0 Marshmallow.

The Chinese consumer electronics giant has also noted some mitigation strategies for users with older Android versions, and this includes disabling the Android Debug Bridge option from the Android Developer Options menu on the smartphone. They’ve also urged these users to enable lock screen authentication mechanisms like a PIN or password protection.

If you own a Lenovo Vibe phone, check for an update by heading to Settings > About Phone > System updates. All the affected devices are listed here. There are also a number of listed phones that don’t have any software fix, and they are forced to only resort to mitigation strategies listed above.

For this exploit to work, physical access to the device is necessary, therefore you may not see the exploit "in the wild". However, as privacy is paramount, it is recommended to update compatible devices to the most recent software package or protect their devices using strong lock screen settings.

  • Design
  • Display
  • Software
  • Performance
  • Battery Life
  • Camera
  • Value for Money
  • Good
  • Great battery life
  • Good performance and features
  • Improved software
  • Decent display
  • Bad
  • Heavy and aesthetically average
  • Camera has some problems
  • Fingerprint sensor is limited in function
Display 5.50-inch
Processor Qualcomm Snapdragon 615
Front Camera 5-megapixel
Rear Camera 13-megapixel
RAM 2GB
Storage 32GB
Battery Capacity 4900mAh
OS Android 5.1.1
Resolution 1080x1920 pixels
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
New Firewall Claimed to Better Protect Android Devices From Threats
Petya Ransomware a 'Ruse' to Hide Cyber-Attack Culprit, Claim Researchers

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com