Author Topic: BroadAnywhere (Read 7861 times)

Sam 2 · « **on:** February 08, 2015, 03:02:43 AM »

Does Avast Mobile detect BroadAnywhere?
http://www.4g-bd.com/2014/11/android-broadanywhere-broke-new.html#axzz3R83yI98n
http://www.cmcm.com/blog/en/security/2014-11-15/468.html

Sam 2 · « **Reply #1 on:** February 12, 2015, 01:05:23 AM »

Quote from: Sam 2 on February 08, 2015, 03:02:43 AM

Does Avast Mobile detect BroadAnywhere?
http://www.4g-bd.com/2014/11/android-broadanywhere-broke-new.html#axzz3R83yI98n
http://www.cmcm.com/blog/en/security/2014-11-15/468.html

I must surmise by the lack of any response that Avast Mobile leaves it's users amongst the 99% who are vulnerable to the BroadAnywhere infection.

Eddy · « **Reply #2 on:** February 12, 2015, 03:23:33 AM »

No response only means someone who has the answer has not read your post (yet).
It does just mean that and nothing more, nothing less.
Since the flaw is known for several months now, it would surprise me if avast isn't protecting you.
I will leave it to someone from avast to elaborate on this.

BroadAnywhere is not a infection/malware.
It is a security flaw in Android versions prior to Lollipop (version 5)

Source: http://www.cmcm.com/blog/en/security/2014-11-15/468.html

Quote

A newly discovered vulnerability called BroadAnywhere could severely impact almost every Android user.

The recently launched Android 5.0 Lollipop has fixed a serious issue (Bug: 17356824), however, every version below 5.0 is still at risk. Currently, the number of people exposed could be as high as 99% of all Android users. This issue, currently being referred to as "BroadAnywhere", is able to forge messages from any sender, crash or restart your device, or even completely wipe all data stored on the phone!

The crux of this flaw is that Android’s Settings app can transfer a parameter called PendingIntent to all third party apps, and these apps are then able to modify the contents of PendingIntent and then send it back to the system. Simply put, malicious apps can freely modify some settings of the device. This allows the malicious apps to do a lot of dangerous things.

How exactly might this issue affect you?

1. Devices could stop working
BroadAnywhere can cause the entire system to stop responding, turning your device into a paperweight for a while. Functions will gradually cease to perform, and eventually the device will crash.

2. SMS content and its sender can be forged
Attackers can send messages to your device that appear to be from whoever they choose. For example, they could send a message that appears to be from your cousin, asking you to urgently deposit some money into a bank account…

3. All your data could be wiped
With BroadAnywhere, malicious apps are able to send a “com.google.android.c2dm.intent.RECEIVE” broadcast, which essentially means that the device will undergo a factory reset and will act the same as if you’d just bought it and taken it out of the box for the first time. All of your apps, photos, videos, contacts, messages and everything else will be gone.

Sam 2 · « **Reply #3 on:** February 12, 2015, 07:09:34 AM »

Quote from: Eddy on February 12, 2015, 03:23:33 AM

No response only means someone who has the answer has not read your post (yet).
It does just mean that and nothing more, nothing less.
Since the flaw is known for several months now, it would surprise me if avast isn't protecting you.
I will leave it to someone from avast to elaborate on this.

BroadAnywhere is not a infection/malware.
It is a security flaw in Android versions prior to Lollipop (version 5)

Source: http://www.cmcm.com/blog/en/security/2014-11-15/468.html

Quote
A newly discovered vulnerability called BroadAnywhere could severely impact almost every Android user.

The recently launched Android 5.0 Lollipop has fixed a serious issue (Bug: 17356824), however, every version below 5.0 is still at risk. Currently, the number of people exposed could be as high as 99% of all Android users. This issue, currently being referred to as "BroadAnywhere", is able to forge messages from any sender, crash or restart your device, or even completely wipe all data stored on the phone!

The crux of this flaw is that Android’s Settings app can transfer a parameter called PendingIntent to all third party apps, and these apps are then able to modify the contents of PendingIntent and then send it back to the system. Simply put, malicious apps can freely modify some settings of the device. This allows the malicious apps to do a lot of dangerous things.

How exactly might this issue affect you?

1. Devices could stop working
BroadAnywhere can cause the entire system to stop responding, turning your device into a paperweight for a while. Functions will gradually cease to perform, and eventually the device will crash.

2. SMS content and its sender can be forged
Attackers can send messages to your device that appear to be from whoever they choose. For example, they could send a message that appears to be from your cousin, asking you to urgently deposit some money into a bank account…

3. All your data could be wiped
With BroadAnywhere, malicious apps are able to send a “com.google.android.c2dm.intent.RECEIVE” broadcast, which essentially means that the device will undergo a factory reset and will act the same as if you’d just bought it and taken it out of the box for the first time. All of your apps, photos, videos, contacts, messages and everything else will be gone.

Thanks Eddy.

Eddy · « **Reply #4 on:** February 12, 2015, 08:30:35 AM »

No problem.
You got lucky that I saw your post and had some time to spare

Take care and keep your system(s) clean.

denics · « **Reply #5 on:** February 19, 2015, 10:05:25 AM »

Hi all, sorry for the communication delay. BroadAnywhere is detected by Avast Mobile.

Author Topic: BroadAnywhere (Read 7861 times)

Sam 2

BroadAnywhere

Sam 2

Re: BroadAnywhere

Eddy

Re: BroadAnywhere

Sam 2

Re: BroadAnywhere

Eddy

Re: BroadAnywhere

denics

Re: BroadAnywhere