Chapter 208 Loopholes in the Two Major Systems
“Welcome everyone. Before the meeting begins, our company has prepared a report sheet for all partners and friends to summarize past achievements.”
Dong Qi appeared in front of the stage and said this.
Yu Chengdong looked at him in surprise.
“The boy won’t come out?”
Muttering in his mind, his attention was attracted by the content on the big screen behind Dong Qi.
“Due to the particularity of the open source Android system, users can bypass all application security supervision mechanisms and install applications by themselves.
When our company conducts a comprehensive security inspection on Android mobile applications Discovered:
Client-Side Vulnerabilities
60% of the vulnerabilities are client-side
89% of vulnerabilities can be exploited without physical access.
56% of vulnerabilities can be exploited without administrator privileges.
Server-side vulnerabilities
Server-side component vulnerabilities can exist both in application code and in application protection mechanisms.
Our company has fixed and optimized the following issues in the latest [Boundary Monument] update in 2019.
Insufficient transport layer security problem.
Encrypt and protect sensitive communications while ensuring the integrity and secure transmission of information. All connections that require authentication are encrypted.
Application cache data security measures are lacking.
User-owned sensitive data can be leaked from the application cache through the main application code or third-party frameworks. Devices can easily be lost or stolen; many users do not lock their devices. An attacker with direct access to the physical device can view the cached data.
[Boundary Monument] The threat model created based on hundreds of billions of attacks on the mobile Internet platform can prevent this situation from happening.
User social software data cache, keyboard key cache, logging, copy or paste cache, application background, and browser cookie objects are all protected.
Administrator rights are causing problems.
In 2017 and 2018, [Jiemen] cooperated with major mobile phone manufacturers and fixed the loopholes through the mobile phone system as follows:
After the mobile phone system was updated, it became impossible to connect to Bluetooth.
Mobile network correction traffic always times out but the text message has been sent.
The storage space is sufficient, but when installing the application, it shows that there is insufficient memory.
After system update, the resolution and font display are wrong.
The firmware update caused this malfunction.
......
The long list of vulnerability repair reports, as well as the last statistical table summarizing the vulnerability data of Android mobile phone systems, deeply shocked all mobile phone manufacturers present.
Among them, manufacturers that have not received the exclusive optimization of [Boundary Monument] have seen some errors that often occur in their own mobile phone systems in these loopholes.
The atmosphere in the conference room suddenly became dull.
Gaoxi Zhen was full of energy when he arrived, but when this report came out, his expression instantly darkened.
Especially in the end, when it comes to power control loopholes in mobile phone systems and screen display problems, they are all poking at the weaknesses of Korean stars. He could even hear the R&D personnel of Jiuzhou Technology Company saying at work: "Without our [Boundary Monument], what is the use of your Hanxing system? Look at the leaks, you can't even repair them, I'm afraid there will be more Fry several times.”
The open source of Android system has brought tens of thousands of programmers to enrich its functions, and also brought countless loopholes and BUGs.
Android mobile phone manufacturers are all aware of these problems, and naturally other executives of Cuco and Pingguo are also aware of them.
Their expressions are very interesting. Although their eyes are very serious, the curvature of the corners of their mouths from time to time represents the activities in their hearts, not the seriousness shown on their faces.
It’s just that this expression didn’t last long before disappearing.
“Although Pingguo Company has only cooperated with our company for one year, our software engineering department has also repaired many loopholes for Pingguo Company’s Pingguo system. Due to strict protection, our company cannot repair deep system vulnerabilities, but it has also indirectly repaired the vulnerabilities through external constraints.”
Dong Qi's business-like speech made some Pingguo executives who knew the internal secrets of their own system stop breathing.
Subsequently, the content on the big screen also confirmed that what Dong Qi said was true.
There is a vulnerability in the FaceTime software in the IOS12.1.3 system version: when the user uses this function to call, the other party's voice can be heard before the other party answers the call or refuses to listen. When the user presses the power button button, the phone will even activate the camera and send it to the other party's phone.
During the system migration and upgrade process, old vulnerabilities that had been patched were cracked again, causing users' mobile phones to repeatedly check the devices connected to them.
When the user calls Siri, the mobile phone system will automatically monitor and store the voice sound waves of the current environment. After receiving an unknown signal, the camera can even be activated in a black screen state.
...
Robbing someone’s underwear, maybe that’s what it means.
Except for Pingguo Company, the other executives present all looked at Pingguo Kuco's position.
If some media published this, they wouldn't be worried, because this kind of "pingguo loophole" news would have been spread all over the streets.
But if Jiuzhou Technology Company announced this vulnerability, they would not be able to sit idly by and ignore it.
Perhaps they were dissatisfied with Jiuzhou Technology Company's public relations and [Boundary Monument] business changes.
But they admire Jiuzhou Technology Company's system optimization and vulnerability repair capabilities, otherwise there would be no reason for some mobile phone manufacturers to postpone development in this area.
At this moment, the content of the report presented by Jiuzhou Technology Company simply told them clearly: the Pingguo system can be controlled by some forces and used as a spy tool.
How can this be allowed?
Just imagine, when they are holding a confidential meeting or a highly confidential business meeting internally, as long as one person brings a Pingguo mobile phone to the meeting, it means that there may be a third-party force involved in the meeting. monitor.
That's a damn confidential meeting!
Kuco’s expression was uncertain, but the shadows under his deep eye sockets made many people break into cold sweats.
Time seems to have stood still.
After a while, he smiled bitterly and said: "Alas, these loopholes were created when the system architecture was originally built. Now as the system becomes more and more complex, it is difficult to repair.
I am very grateful to Jiuzhou Technology Company for its help in making our system more secure. For 200 million US dollars, I can purchase this service. On behalf of Pingguo Company, I would like to express my sincere gratitude. ”
Although Kuko's expression is relatively calm, some people with keen intuition have found that Kuko's language is a bit cumbersome and even has a grammatical disorder.
Dong Qi was on the stage. He pinched his thigh with his left hand behind the table, wiped the sweat from his palm, and then nodded slightly and said: "Pingguo Company is our company's [Boundary Monument] project. As a partner, our company will naturally provide you with the same high-quality services as other partners.”
PS: The content of this book is purely fictional, please do not over-interpret it.
Thank you all for your recommendation and monthly votes, and I wish you all a happy Mid-Autumn Festival~
(End of this chapter)