Warning! Security Flaw Involving 99% of Phones
Mestizowowo
« Citizen »
1416615600000
#1
  0
Warning! Security Flaw Involving 99% of Phones
Nov 15, 2014

99% of Android users are susceptible to the new BroadAnywhere vulnerability!

A newly discovered vulnerability called BroadAnywhere could severely impact almost every Android user.

The recently launched Android 5.0 Lollipop has fixed a serious issue (Bug: 17356824), however, every version below 5.0 is still at risk. Currently, the number of people exposed could be as high as 99% of all Android users. This issue, currently being referred to as "BroadAnywhere", is able to forge messages from any sender, crash or restart your device, or even completely wipe all data stored on the phone!

The crux of this flaw is that Android’s Settings app can transfer a parameter called PendingIntent to all third party apps, and these apps are then able to modify the contents of PendingIntent and then send it back to the system. Simply put, malicious apps can freely modify some settings of the device. This allows the malicious apps to do a lot of dangerous things.

How exactly might this issue affect you?

1. Devices could stop working

BroadAnywhere can cause the entire system to stop responding, turning your device into a paperweight for a while. Functions will gradually cease to perform, and eventually the device will crash.

2. SMS content and its sender can be forged

Attackers can send messages to your device that appear to be from whoever they choose. For example, they could send a message that appears to be from your cousin, asking you to urgently deposit some money into a bank account…

3. All your data could be wiped

With BroadAnywhere, malicious apps are able to send a “com.google.android.c2dm.intent.RECEIVE” broadcast, which essentially means that the device will undergo a factory reset and will act the same as if you’d just bought it and taken it out of the box for the first time. All of your apps, photos, videos, contacts, messages and everything else will be gone.

Check out this POC Demo for the Android Broadanywhere Vulnerability for more details

https://www.youtube.com/watch?v=H05-6BoB4ng&feature=youtu.be

To protect against this vulnerability, please use Clean Master and CM Security, and ensure that they are fully updated. We have ensured that we are able to block malicious apps that try to use this vulnerability, and will continue monitoring this situation closely to ensure that our users are kept completely safe.

I warn family, friends, etc. I share it on your social networks
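
Added example, not part of the original post and not Android's own code: the post describes a PendingIntent that is handed to third-party apps, which can change its contents before sending it. The Java code below shows that general pattern beside a hardened form; `CallbackTokens`, `CallbackReceiver`, the action string and the extra key are hypothetical names.

```java
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

// Added illustration: all class names and the action string are hypothetical.
final class CallbackTokens {
    static final String ACTION_CALLBACK = "com.example.app.ACTION_CALLBACK";

    // Weak: the base Intent is empty. Any app that receives this token can
    // supply its own action, data and extras in send(), and the broadcast is
    // delivered with the identity and permissions of the app that created it.
    // (flags = 0 is the pre-Android 12 style; newer targets must pass
    // FLAG_IMMUTABLE or FLAG_MUTABLE.)
    static PendingIntent weakToken(Context ctx) {
        return PendingIntent.getBroadcast(ctx, 0, new Intent(), 0);
    }

    // Hardened: action and component are fixed by the creator, so the
    // recipient cannot redirect the broadcast. FLAG_IMMUTABLE (API 23+)
    // also makes the system ignore any Intent supplied at send() time.
    static PendingIntent hardenedToken(Context ctx) {
        Intent base = new Intent(ACTION_CALLBACK)
                .setComponent(new ComponentName(ctx, CallbackReceiver.class));
        int flags = PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_IMMUTABLE;
        return PendingIntent.getBroadcast(ctx, 0, base, flags);
    }
}

// Receiver for the hardened token. On API levels without FLAG_IMMUTABLE a
// sender can still merge in extra keys, so check the action and read only
// the extras this app expects.
final class CallbackReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context ctx, Intent intent) {
        if (!CallbackTokens.ACTION_CALLBACK.equals(intent.getAction())) {
            return; // not the callback this app issued
        }
        boolean ok = intent.getBooleanExtra("result_ok", false); // hypothetical key
        // Handle the callback result here; ignore every other extra.
        android.util.Log.d("CallbackReceiver", "callback ok=" + ok);
    }
}
```

The receiver also needs a manifest entry, and it can be declared with `android:exported="false"` because the PendingIntent is sent with the creating app's identity.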
Ponydoll
« Citizen »
1416626040000
#2
  0
Does this affect Kindles (are they even Androids btw)
If so I'm fucked

Last modified on 1416626220000
Zamasu
« Citizen »
1416629760000
#3
  0
I hope it can't spread to iPhone 5. I have iOS 8.1 I think and the charger stopped charging. We have no idea if it is the phone or the charger :c

Last modified on 1416629820000
Plague
« Citizen »
1416630360000
#4
  0
bepperluver said:
I hope it can't spread to iPhone 5. I have iOS 8.1 I think and the charger stopped charging. We have no idea if it is the phone or the charger :c

pretty sure an iphone isn't an android device.

personally don't use an android device, but i know some people who do @_@ shall tell them eventually
Ponydoll
« Citizen »
1416674220000
#5
  0
Bepperluver said:
I hope it can't spread to iPhone 5. I have iOS 8.1 I think and the charger stopped charging. We have no idea if it is the phone or the charger :c

dude iphones/ipads/ipods aren't androids

Anyways my parents are fucked since they have android phones
Zyx
« Censor »
1416674520000
#6
  0
I have one of those Android phones smaller than your whole hand and it has "T-Mobile" labeled on the top
Does BroadAnywhere affect those?

E: Question here??? Can anyone answer

Last modified on 1416703500000
Skylamouse
« Citizen »
1416688920000
#7
  0
I have a samsung s duos. Halp.
Lemonyime
« Citizen »
1416692760000
#8
  0
i have a nexus 7 HELP ME LORDDDDD!!!!!!
Fluffiiii
« Citizen »
1416699060000
#9
  0
I have a Samsung S.
Welp.
Haruhitastic
« Censor »
1416709680000
#10
  0
I can't find a credible source on this.
Dazdalolz
« Citizen »
1416812460000
#11
  0
Title is misleading. It should be 99% of all Android phones, not 99% of phones.
Mestizowowo
« Citizen »
1416850080000
#12
  0
dazdalolz said:
Title is misleading. It should be 99% of all Android phones, not 99% of phones.

ups sorry that I neglect
Phanghuang
« Citizen »
1416859680000
#13
  0
nvm.....

Last modified on 1416859740000
Rosuuri
« Censor »
1416864780000
#14
  0
I see no sources cited??
Haruhitastic
« Censor »
1416865140000
#15
  0
rosuuri said:
I see no sources cited??

I googled this and I found a couple obscure sites and Chinese sites. Sorry, but I don't believe anything unless a trustworthy source (ie: Huff Post) is cited.
Plague
« Citizen »
1416865260000
#16
  0
they copied the whole thing from here.
Rosuuri
« Censor »
1416865560000
#17
  0
haruhitastic said:
rosuuri said:
I see no sources cited??

Sorry, but I don't believe anything unless a trustworthy source (ie: Huff Post) is cited.

Agreed.

firebluestar said:
they copied the whole thing from here.

Thank you; dunno if I can believe this though.

Last modified on 1416865620000
Haruhitastic
« Censor »
1416865980000
#18
  0
Site's not too trustworthy imo.