[New App] X-Ray For Android Scans Your Device For Root Vulnerabilities, Unfortunately

Search This thread

NOMIOMI

Senior Member
Nov 4, 2010
1,315
1,270
Abbottabad

We've all read the horror stories: a new virus is crawling through the third-party stores, aiming to steal your personal information, identity, and first born child. More often than not, this type of malicious app is made possible because of one of the various root vulnerabilities that have been discovered throughout the various versions of Android.
X-Ray is a new app that lets you see exactly how vulnerable your device is by scanning it against several of these exploits, including RageAgainstTheCage, Gingerbreak, Mempodroid, Levitator, and a few more.
It's extremely easy to use: simply install it and run a scan. It will run through each exploit in a matter of minutes and display whether or not the device is vulnerable

Ultimately, it's good to know what exploits, if any, your device is vulnerable to. The more you know, the easier it is to keep your device protected.
X-Ray is completely free (but not in the Play Store)

here is download lin

http://www.xray.io/
 

jonojono

Member
Oct 7, 2009
5
8
X-Ray author here, happy to answer any questions folks have!

---------- Post added at 05:13 PM ---------- Previous post was at 05:08 PM ----------

For reference, Duo Security is the company behind X-Ray: duosecurity.com

We've do a fair bit of Android security research, if that helps lend to the credibility of the app. blog.duosecurity.com/category/android/

I figured out this thread subscription crud (/me is xda n00b), so I'll hopefully be able to reply to any questions.

EDIT: Gah, I can't post links since my account is too new. Just copy-paste if you're interested. ;)
 
  • Like
Reactions: edbertin

brainard52

Senior Member
Aug 11, 2011
600
41
I'll download and install. Let you know how it goes :D I'm using my Xperia Play R800x on official CM9 RC2 with the official kernel. Hope I can help.

As was expected, no vulnerabilities. The CM team is awesome :p
 
Last edited:

edbertin

Senior Member
May 18, 2012
466
128
X-Ray author here, happy to answer any questions folks have!

---------- Post added at 05:13 PM ---------- Previous post was at 05:08 PM ----------

For reference, Duo Security is the company behind X-Ray: duosecurity.com

We've do a fair bit of Android security research, if that helps lend to the credibility of the app. blog.duosecurity.com/category/android/

I figured out this thread subscription crud (/me is xda n00b), so I'll hopefully be able to reply to any questions.

EDIT: Gah, I can't post links since my account is too new. Just copy-paste if you're interested. ;)

See on CM foruns that a user running CM9 has mempodroid vulnerability, i think this will occurs to all users that are using this custom rom, right?

What we need to worry about Memopdroid Vulnerability on CM9 Stable release?

Thank you in advance
 
Last edited:

anonymous-x

Senior Member
Jan 27, 2010
65
3
FL
Thanks Rep, great to have, Xoom is OK but the D3 is vunerable w/Gingerbreak. No problem,I'll take care of that. Your XRay showed this so to all this is an item worth having.
 

stevengw

Senior Member
Dec 17, 2010
266
38
Re: download: possible so that visitors to your site main page click on download the apk downloads? why have them type in xray.io/dl?

anyway, downloaded and installed on HTC one X running ARHD 9.1.
Nothing found!

2012-08-14%2000.29.35.png
 
  • Like
Reactions: orangemerc

arpruss

Senior Member
Jul 3, 2010
849
414
pruss.mobi
You might want to check for motofail, the debugfs vulnerability (it wouldn't surprise me if it affects every device) as well as the Galaxy vulnerabilities that I plan to announce on the Full Disclosure mailing list on Wednesday night (I told Samsung I would give them two weeks head start, and reported the vulnerabilities to them).
 

Ghelfalath

Senior Member
Jan 10, 2011
61
19
Vila Nova de Gaia
From McAfee:

Risk Assessment: Home Low | Corporate Low
Date Discovered: 28-03-2012
Date Added: 03-04-2012
Origin: N/A
Length: N/A
Type: Vulnerability
Subtype: PDA Device
DAT Required: N/A
Removal Instructions


Overview
Description: Exploit/MempoDroid.B is an exploit to get root privileges on Android devices with Linux kernel 2.6.39 or above.
Indication of Infection: Exploit a privilege escalation vulnerability in a memory management component of the Linux kernel
Methods of Infection: This exploit requires that the user intentionally copy the Exploit/MempoDroid.B native binary in the device and execute it with the required parameters. Users should not install rooting tools from unknown sources.

Virus Characteristics
Exploit/MempoDroid.B is a port to Android of an exploit for the Linux kernel 2.6.39 (Galaxy Nexus and ASUS Transformer Prime) or above that takes advantage of a vulnerability in the component /proc/pid/mem that an interface for reading and writing directly in the process memory.
In order to root the device, Exploit/MempoDroid.B requires a setuid program (“run-as”) that writes something deterministic to a file descriptor. Also Exploit/MempoDroid.B requires the offsets of the functions exit() and setresuid() as a parameters along with a program to spawn as root like for example “sh”.


Is it reason to be worried? :)
 

Top Liked Posts

  • There are no posts matching your filters.
  • 20

    We've all read the horror stories: a new virus is crawling through the third-party stores, aiming to steal your personal information, identity, and first born child. More often than not, this type of malicious app is made possible because of one of the various root vulnerabilities that have been discovered throughout the various versions of Android.
    X-Ray is a new app that lets you see exactly how vulnerable your device is by scanning it against several of these exploits, including RageAgainstTheCage, Gingerbreak, Mempodroid, Levitator, and a few more.
    It's extremely easy to use: simply install it and run a scan. It will run through each exploit in a matter of minutes and display whether or not the device is vulnerable

    Ultimately, it's good to know what exploits, if any, your device is vulnerable to. The more you know, the easier it is to keep your device protected.
    X-Ray is completely free (but not in the Play Store)

    here is download lin

    http://www.xray.io/
    1
    X-Ray author here, happy to answer any questions folks have!

    ---------- Post added at 05:13 PM ---------- Previous post was at 05:08 PM ----------

    For reference, Duo Security is the company behind X-Ray: duosecurity.com

    We've do a fair bit of Android security research, if that helps lend to the credibility of the app. blog.duosecurity.com/category/android/

    I figured out this thread subscription crud (/me is xda n00b), so I'll hopefully be able to reply to any questions.

    EDIT: Gah, I can't post links since my account is too new. Just copy-paste if you're interested. ;)
    1
    Re: download: possible so that visitors to your site main page click on download the apk downloads? why have them type in xray.io/dl?

    anyway, downloaded and installed on HTC one X running ARHD 9.1.
    Nothing found!

    2012-08-14%2000.29.35.png
    1
    My device is also Vulnerable on Mempodroid
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone