OEMs like Samsung and HTC run heavily customized versions of Android. Unfortunately, the OEM patch deployment infrastructure is disorganized and too often end users are left exposed for large periods of time.
The aim of NowSecure’s Android Vulnerability Test Suite (Android VTS) is to educate users about the health of their devices and show the attack surface that a given device presents.
The Android VTS currently checks for the following:
- CVE-2011 1149 / PSNueter / Ashmem Exploit
- CVE-2013-6282 / put/get_user
- CVE-2014-3153 / Futex bug / Towelroot
- CVE-2014-3847 / WeakSauce
- CVE-2014-4943 / L2TP
- CVE-2015-1528 / GraphicsBufferOverflow
- CVE-2015-3636 / PingPong root
- Jar Bug 13678484 / Android FakeID
- Samsung WifiCredService remote code execution
- Stagefright bugs
- x509 Serialization bug
- ZipBug 8219321 / Master keys
- ZipBug 9695860
- ZipBug 9950697
The tool is now available on Google Play and GitHub.