Home
Mobiles
Mobiles News
Lenovo Vibe Phones Affected by Critical Vulnerability Spotted by FireEye's Mandiant

Lenovo Vibe Phones Affected by Critical Vulnerability Spotted by FireEye's Mandiant

By Tasneem Akolawala | Updated: 30 June 2017 18:36 IST

Highlights

Research firm Mandiant informed Lenovo about this last year
The fix is now available for select Vibe phones
It is recommended that you download the security patch soon

American cyber-security firm FireEye, specifically its Mandiant unit, discovered a critical vulnerability in the Lenovo Vibe P1 smartphone last year that allowed hackers to gain root access to the smartphone. The company informed Lenovo about it soon after, and now a security fix has finally been rolled out to compatible phones.

Lenovo has acknowledged the vulnerability, and it notes that the flaw "allows the user or an attacker with physical possession of a device that is not protected with a secure lock screen, e.g. PIN/ Password, to elevate privileges to the root user (commonly known as 'rooting' or 'jailbreaking' a device) with the ability to modify the device’s operation and functionality in myriad ways.” The fix has been rolled out to a subset of Lenovo Vibe phones, and it is recommended to be installed immediately, specifically on smartphones running on versions earlier than Android 6.0 Marshmallow.

The Chinese consumer electronics giant has also noted some mitigation strategies for users with older Android versions, and this includes disabling the Android Debug Bridge option from the Android Developer Options menu on the smartphone. They’ve also urged these users to enable lock screen authentication mechanisms like a PIN or password protection.

If you own a Lenovo Vibe phone, check for an update by heading to Settings > About Phone > System updates. All the affected devices are listed here. There are also a number of listed phones that don’t have any software fix, and they are forced to only resort to mitigation strategies listed above.

For this exploit to work, physical access to the device is necessary, therefore you may not see the exploit "in the wild". However, as privacy is paramount, it is recommended to update compatible devices to the most recent software package or protect their devices using strong lock screen settings.

Lenovo Vibe P1

REVIEW
KEY SPECS
NEWS
Variants

Design
Display
Software
Performance
Battery Life
Camera
Value for Money

Good
Great battery life
Good performance and features
Improved software
Decent display

Bad
Heavy and aesthetically average
Camera has some problems
Fingerprint sensor is limited in function

Read detailed Lenovo Vibe P1 review

Display 5.50-inch

Processor Qualcomm Snapdragon 615

Front Camera 5-megapixel

Rear Camera 13-megapixel

RAM 2GB

Storage 32GB

Battery Capacity 4900mAh

OS Android 5.1.1

Resolution 1080x1920 pixels

More Lenovo mobiles Lenovo mobiles price in India

Choose a variant

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.