Google to Acquire GraphicsFuzz

Company which is engaged in the search for vulnerabilities in the graphics drivers for Android
07 August 2018   773

Google acquired the GraphicsFuzz, which is engaged in the search for vulnerabilities in the graphics drivers for Android. The announcement of the purchase appeared on the main page of the site last. The representative of the IT giant also confirmed the completion of the deal, but did not name its value.

The method of driver testing was invented by researchers from the Faculty of Computing Technology at Imperial College London. It includes fuzzing, with which the vulnerability check is performed by the transfer of intentionally incorrect values, as well as a metamorphic technique that confirms the successful or unsuccessful passing of the test. A detailed description of the technology is published on the project website.

So, in April 2018, the GraphicsFuzz team discovered a vulnerability in the Adreno 630 graphics accelerator. It allowed to remotely reset the Samsung Galaxy S9 smartphone with the Snapdragon 845 processor.

The company hopes that the technology will help to find and fix vulnerabilities in GPUs before they are exploited by intruders.

The deal became known on the day of release of the final version of Android 9 Pie. The updated system has acquired the function Adaptive Battery, which uses machine learning to reduce energy consumption.

Vulnerabilities to be Found in Android & Google Photo

As reported, they are already patched, but affected millions of users around the world
21 March 2019   95

Detected bugs in Android and Google Photos, which led to data leaks. They are already patched, but affected millions of users around the world.

The Android vulnerability was covered in the WebView component and affected all versions of Android from 4.4 and above. WebView allows you to embed web browsing into an Android application and was originally part of Chromium. This means that the vulnerability applies not only to the mobile version of Chrome, but to all Android browsers based on this engine.

Using a vulnerability in WebView, an attacker could gain access to user accounts, browser history and other data.

It turns out that the web version of the Google Photo service revealed user data when attacking via third-party channels. An attacker can get the metadata of the photos, as well as information about where the picture was taken.