Security Alerts & News
by Tymoteusz A. Góral

History
#752 Chinese ARM vendor left developer backdoor in kernel for Android and other devices
Allwinner, a Chinese system-on-a-chip company that makes the processor used in many low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices, apparently shipped a version of its Linux kernel with a ridiculously easy-to-use backdoor built in. All any code needs to do to gain root access is send the text "rootmydevice" to an undocumented debugging process.

The backdoor code may have inadvertently been left in the kernel after developers completed debugging. But the company has been less than transparent about it: information about the backdoor was released and then apparently deleted through Allwinner's own Github account. The kernel, linux-3.4-sunxi, which was originally developed to support Android on Allwinner's ARM processors for tablets, has also been used to develop a community version. The kernel was also the basis for porting over various versions of Linux to Allwinner's processors, which are used in the Orange Pi and Banana Pi micro-PCs (developer boards compatible with Raspberry Pi) along with a number of other devices.
Read more
#756 Walmart sues Visa, wants to require PINs for all chip-enabled debit cards
#755 Corruption, code execution vulnerabilities patched in open source archiver 7-Zip
#754 Five vulnerabilities fixed in Chrome browser, Google pays $20K to bug hunters
#753 Emergency Flash update patches public zero-day
#752 Chinese ARM vendor left developer backdoor in kernel for Android and other devices
#751 Spam and phishing in Q1 2016
#750 Opera adds power-saving mode, offers “up to 50%” longer battery life
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12