[New App] X-Ray For Android Scans Your Device For Root Vulnerabilities, Unfortunately

Search This thread
By:
Advanced…
NOMIOMI

NOMIOMI

Senior Member
Nov 4, 2010
1,357
1,287
Abbottabad

We've all read the horror stories: a new virus is crawling through the third-party stores, aiming to steal your personal information, identity, and first born child. More often than not, this type of malicious app is made possible because of one of the various root vulnerabilities that have been discovered throughout the various versions of Android.
X-Ray is a new app that lets you see exactly how vulnerable your device is by scanning it against several of these exploits, including RageAgainstTheCage, Gingerbreak, Mempodroid, Levitator, and a few more.
It's extremely easy to use: simply install it and run a scan. It will run through each exploit in a matter of minutes and display whether or not the device is vulnerable

Ultimately, it's good to know what exploits, if any, your device is vulnerable to. The more you know, the easier it is to keep your device protected.
X-Ray is completely free (but not in the Play Store)

here is download lin

http://www.xray.io/
 
  • Like
Reactions: asia559571, thippesh, maej72 and 17 others
D

Deleted member 2072940

Guest
X-Ray author here, happy to answer any questions folks have!

---------- Post added at 05:13 PM ---------- Previous post was at 05:08 PM ----------

For reference, Duo Security is the company behind X-Ray: duosecurity.com

We've do a fair bit of Android security research, if that helps lend to the credibility of the app. blog.duosecurity.com/category/android/

I figured out this thread subscription crud (/me is xda n00b), so I'll hopefully be able to reply to any questions.

EDIT: Gah, I can't post links since my account is too new. Just copy-paste if you're interested. ;)
 
  • Like
Reactions: edbertin
S

satish1986

Member
Mar 1, 2012
26
0
Marshfield,WI
i installed this app on my phone. All it does is turns my phone off when i press scan.

I am currently on android 4.0.3 UHLPS (ICS) with Siyah Kernal 3.4. Is this unique to my phone ?
 
brainard52

brainard52

Senior Member
Aug 11, 2011
600
41
I'll download and install. Let you know how it goes :D I'm using my Xperia Play R800x on official CM9 RC2 with the official kernel. Hope I can help.

As was expected, no vulnerabilities. The CM team is awesome :p
 
Last edited:
edbertin

edbertin

Senior Member
May 18, 2012
467
129
jonojono said:
X-Ray author here, happy to answer any questions folks have!

---------- Post added at 05:13 PM ---------- Previous post was at 05:08 PM ----------

For reference, Duo Security is the company behind X-Ray: duosecurity.com

We've do a fair bit of Android security research, if that helps lend to the credibility of the app. blog.duosecurity.com/category/android/

I figured out this thread subscription crud (/me is xda n00b), so I'll hopefully be able to reply to any questions.

EDIT: Gah, I can't post links since my account is too new. Just copy-paste if you're interested. ;)
Click to expand...
Click to collapse

See on CM foruns that a user running CM9 has mempodroid vulnerability, i think this will occurs to all users that are using this custom rom, right?

What we need to worry about Memopdroid Vulnerability on CM9 Stable release?

Thank you in advance
 
Last edited:
anonymous-x

anonymous-x

Senior Member
Jan 27, 2010
65
3
FL
Thanks Rep, great to have, Xoom is OK but the D3 is vunerable w/Gingerbreak. No problem,I'll take care of that. Your XRay showed this so to all this is an item worth having.
 
stevengw

stevengw

Senior Member
Dec 17, 2010
266
38
Re: download: possible so that visitors to your site main page click on download the apk downloads? why have them type in xray.io/dl?

anyway, downloaded and installed on HTC one X running ARHD 9.1.
Nothing found!

2012-08-14%2000.29.35.png
 
  • Like
Reactions: orangemerc
A

arpruss

Senior Member
Jul 3, 2010
909
434
pruss.mobi
You might want to check for motofail, the debugfs vulnerability (it wouldn't surprise me if it affects every device) as well as the Galaxy vulnerabilities that I plan to announce on the Full Disclosure mailing list on Wednesday night (I told Samsung I would give them two weeks head start, and reported the vulnerabilities to them).
 
gljiva

gljiva

Member
Mar 28, 2012
44
9
43
My device is also Vulnerable on Mempodroid
 

Attachments

  • Screenshot_2012-08-15-01-01-20.jpg
    Screenshot_2012-08-15-01-01-20.jpg
    28.1 KB · Views: 475
Last edited:
  • Like
Reactions: leeomendes
G

Ghelfalath

Senior Member
Jan 10, 2011
61
19
Vila Nova de Gaia
From McAfee:

Risk Assessment: Home Low | Corporate Low
Date Discovered: 28-03-2012
Date Added: 03-04-2012
Origin: N/A
Length: N/A
Type: Vulnerability
Subtype: PDA Device
DAT Required: N/A
Removal Instructions


Overview
Description: Exploit/MempoDroid.B is an exploit to get root privileges on Android devices with Linux kernel 2.6.39 or above.
Indication of Infection: Exploit a privilege escalation vulnerability in a memory management component of the Linux kernel
Methods of Infection: This exploit requires that the user intentionally copy the Exploit/MempoDroid.B native binary in the device and execute it with the required parameters. Users should not install rooting tools from unknown sources.

Virus Characteristics
Exploit/MempoDroid.B is a port to Android of an exploit for the Linux kernel 2.6.39 (Galaxy Nexus and ASUS Transformer Prime) or above that takes advantage of a vulnerability in the component /proc/pid/mem that an interface for reading and writing directly in the process memory.
In order to root the device, Exploit/MempoDroid.B requires a setuid program (“run-as”) that writes something deterministic to a file descriptor. Also Exploit/MempoDroid.B requires the offsets of the functions exit() and setresuid() as a parameters along with a program to spawn as root like for example “sh”.
Click to expand...
Click to collapse


Is it reason to be worried? :)
 
You must log in or register to reply here.

Similar threads

Guitarfreak26
Post your desktop!!
Replies
11K
Views
3M
Z
zhudm66
L
[ROOT APP] Updated: 13/09/12 - Samsung Quick Root v1.8.3 - One Click Root & UnRoot!
Replies
493
Views
1M
B
BustedKnuckles85
O
[KERNEL] Insecure Kernels for use with rooting
Replies
611
Views
1M
R
rkreza
Vertumus
  • Poll
[THEME]ICS DOMINATION v4.6.4*DIVINE(12.10.2013.)VRT*ODEX/DEODEX*Icon Pack*APPS*Update
Replies
16K
Views
3M
OGroteKoning
OGroteKoning
Intratech
[ROMS]Official i9100 carrier branded firmware download for Odin Flash
Replies
1K
Views
1M
X
Xander20190

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 20
    NOMIOMI
    NOMIOMI

    We've all read the horror stories: a new virus is crawling through the third-party stores, aiming to steal your personal information, identity, and first born child. More often than not, this type of malicious app is made possible because of one of the various root vulnerabilities that have been discovered throughout the various versions of Android.
    X-Ray is a new app that lets you see exactly how vulnerable your device is by scanning it against several of these exploits, including RageAgainstTheCage, Gingerbreak, Mempodroid, Levitator, and a few more.
    It's extremely easy to use: simply install it and run a scan. It will run through each exploit in a matter of minutes and display whether or not the device is vulnerable

    Ultimately, it's good to know what exploits, if any, your device is vulnerable to. The more you know, the easier it is to keep your device protected.
    X-Ray is completely free (but not in the Play Store)

    here is download lin

    http://www.xray.io/
    View
    1
    D
    Deleted member 2072940
    X-Ray author here, happy to answer any questions folks have!

    ---------- Post added at 05:13 PM ---------- Previous post was at 05:08 PM ----------

    For reference, Duo Security is the company behind X-Ray: duosecurity.com

    We've do a fair bit of Android security research, if that helps lend to the credibility of the app. blog.duosecurity.com/category/android/

    I figured out this thread subscription crud (/me is xda n00b), so I'll hopefully be able to reply to any questions.

    EDIT: Gah, I can't post links since my account is too new. Just copy-paste if you're interested. ;)
    View
    1
    stevengw
    stevengw
    Re: download: possible so that visitors to your site main page click on download the apk downloads? why have them type in xray.io/dl?

    anyway, downloaded and installed on HTC one X running ARHD 9.1.
    Nothing found!

    2012-08-14%2000.29.35.png
    View
    1
    gljiva
    gljiva
    My device is also Vulnerable on Mempodroid
    View

New posts