Why do security geeks call Android "the king of vulnerabilities"? On June 6, at the Asia stop of the international security technology summit AsiaSecWest, the geeks' "strongest brains" gave their answer. Karsten Nohl, chief scientist at Security Research Labs, said: "Although Android is an operating system developed on open-source software, for most users the security of the Android system is still a black box. Users know very little about security patches and have to trust phone manufacturers' patches blindly, yet in most cases the patching ability of many Android manufacturers is not commendable."
The timeliness and adoption rate of Android system updates have not only become a long-standing problem but have also planted a huge hidden security risk. Recently, at Apple's developer conference, this long-standing problem of Android update timeliness and adoption was pulled into the spotlight again. Senior vice president Craig Federighi used Apple's software data to take a jab at Android: "At present 81% of Apple users are using iOS 11; by contrast, only 6% of Android systems have upgraded to the newest version." Back in 2015, the security organization F-Secure held that 99% of malicious software targets Android; in 2016, in the report published by CVE Details, Android became the system with the most vulnerabilities of the year. As Android holds an absolutely dominant position in market share and shipment volume, devices running Android are increasingly becoming the main target of mobile malware.
Uncovering the "security black box" of Android devices, Karsten Nohl said: "We use a novel analysis method to search for function signatures in large numbers of precompiled samples, and so discover Android patches that are missing from phones or firmware files. Based on the analysis results for the firmware of tens of thousands of phones, we investigated and quantified the missing Android patches." On the basis of that data, he once again discussed the vulnerability problems that closely concern the many Android users.
Android is "Buddha-like" about vulnerabilities: an expert uncovers the security black box
As early as 2017, Google announced an Android vulnerability named "Janus", which lets an attacker bypass the entire security mechanism of the Android system and tamper with apps directly. At the beginning of 2018, an attack model named "App Clone" lured users into spending through means such as SMS messages, QR codes and news pages; Alipay, Ele.me, JD and others, 27 Android apps in all, were hit one after another.
Compared with systems such as Apple's and Windows, Android's protection of its users is clearly insufficient. Because of its long-term neglect of security problems, it even earned the nickname "Buddha-like security" for a time. With the number of Android users rising day by day, solving this problem clearly ought to be put on the agenda.
On June 6, at the AsiaSecWest summit held in Hong Kong, chief scientist Karsten Nohl gave a talk titled "Mind the Gap: Analyzing Incomplete Android Patches", in which, on the basis of the data, he once again discussed the Android vulnerability problems that closely concern a great many users.
Karsten Nohl currently works at Security Research Labs in Berlin. He has long been dedicated to the field of information security and protection, and has previously revealed many vulnerabilities in transportation systems and mobile phones. At the summit, he used a novel analysis method to search for function signatures in large numbers of precompiled samples and, based on the analysis results for the firmware of tens of thousands of phones, investigated and quantified the missing Android patches.
Based on this investigation, Karsten Nohl believes that although Android is an operating system developed on open-source software, for most users the security of the Android system is still a black box. Users know very little about security patches and have to trust phone manufacturers' patches blindly, yet in most cases the patching ability of many Android manufacturers is not commendable.
Tencent Security releases the geek "101" plan to build a "Chinese model" for security technology platforms
In fact, uncovering the security black box of the Android system was only one of the topics at the AsiaSecWest summit. Compared with the PC era, the arrival of the mobile era, with iOS and Android as the main operating system platforms, has made the security situation more severe. To respond to more complex and changeable security problems, phone manufacturers, application developers and network security researchers need to join hands to discuss and exchange views on the security crises the industry currently faces and on their solutions.
AsiaSecWest is one such exchange platform. CanSecWest, founded in 2000, is one of the world's largest security summits and is regarded by hackers worldwide as a hall-of-fame-level annual event. Tencent Security joined hands with CanSecWest to found AsiaSecWest, bringing together the world's top security geeks, building a bridge for exchange, and sharing forward-looking views and research results.
At this AsiaSecWest summit, 13 top geeks from around the world took part, and the discussion topics included the evolution of techniques in the security field and the usability of middleboxes and their potential hidden dangers. Meanwhile, the head of the Xuanwu Lab of Tencent Security Joint Lab, together with Dragos Ruiu, the founder of CanSecWest and a well-known figure in the North American hacker community, released the security geek "101" plan: the first "1" stands for upgrading to build "one" platform that connects the Chinese and Western security technology exchange communities; the "0" stands for "zero"-distance, all-round communication between China and the West; the final "1" stands for building a "first"-class technical brand.
Through this cooperation with CanSecWest, Tencent Security hopes to build a world-class exchange platform for network information security technology, to build a bridge for Chinese-Western hacker technology exchange, and to work toward making China a bellwether of international information security technology, thereby giving global information security talent, China's included, a stage on which to showcase frontier technical breakthroughs and applications. While infusing a global perspective into the building of China's network security ecosystem, it actively advocates a brand-new information security ecosystem for China and the whole world, and also creates a "Chinese model" for global security technology exchange platforms.