The BadKernel Vulnerability Is Serious
The issue is known as BadKernel and allows hackers to steal user data from the affected devices. The bug also allows them to access the camera, to acquire sent and received SMS messages and all other critical system components. This is a remote code execution flaw which allows the malicious users to take control of the device.
The V8 engine is built in the Chromium mobile browser framework, which is the open-source version of the Chrome browser. The engine is also bundled in the WebView Android component which is used by mobile developers to view Web content inside their applications without using other browsers.
Security experts identified that many popular applications like Facebook, WeChat, Twitter and Gmail use the default vulnerable version which is default on Android 4.4.4 up to version 5.1 of the operating system.
Some software development kits (SDKs) such as the Tencent X5.SDK deploy custom engines based on the vulnerable V8 editions. BadKernel vulnerable applications include popular Chinese apps such as QQ, Jingdong, and Sohu.
The research data states that all major smartphone vendors are affected by the BadKernel flaw. In total 41.48% of all Samsung smartphones may be affected by the issue, Huawei follows with a 38.89% probability, and Motorola devices have a 26.67% chance of being affected.
The most affected country appears to be Peru, where one in every five devices is vulnerable.
The most affected browser is the one bundled by LG in their products, 75.1% of all installations are vulnerable. Samsung’s own browser follows with a 41% vulnerabilities in all devices.