[KB134475] Design-originated problems cause LeiDian 9 to behave with security issues

User

<316433938@qq.com>
Apr 7, 2023, 12:28:18 PM
to a-pl@googlegroups.com, liaochina@groups.io
This article outlines some current issues in LeiDian 9, an Android phone simulator, that can cause several security problems. Users should be aware of these problems if they are about to put the software into production use.

==================================================
I. Security Issues That Can Damage The Android System
==================================================
There are several security issues that can damage the security protections of the Android system on virtual LeiDian 5 device instances. For example, LeiDian 9 might damage configuration files that control Android parameters, including the Android ID, for instance when a user's hard drive has no free space left, and then generate a new configuration file with a random Android ID to apply to the virtual device the next time it starts, damaging the security boundaries between important security components. Outdated security patches might also significantly reduce the security level of LeiDian virtual devices.

=====================================
II. Executable Code On-host Not Guaranteed
=====================================
LeiDian 9 is backed by a Chinese company, "Xuanzhi", which has its development base in Shanghai and is promoted on its official website as being formed by "geeks"; the security of its IT products remains questionable. From machine code inspection, LeiDian 9 is very similar to BigNox VM, as both are derived from Genymotion, the latter of which has been confirmed to have automatic updates added as a backdoor, allowing its vendor to remotely load driver modules onto users' computers.

Even though protection measures, such as those for preventing network traffic leaks and for managing superuser access, are designed into LeiDian 9 devices, the root of trust has not been laid out to properly handle and protect the integrity of both the host and guest machines, or to protect the interoperability of the host-to-guest interface. As a result, the commercial use of LeiDian 5 should be seriously considered.

=========
Summary
=========
The commercial use of LeiDian 5 should be decided through a careful process of discretion, and systems running this software should be protected against any possible data leakage. Running virtual devices should not be considered reliable; the possibility of data loss should be taken into account, and extra protections may be put in place where the product is used for such applications.
