Frequently Asked Questions

1. What is MVD?

MVD stands for Mobile Vulnerability Database, a single place to learn about vulnerabilities reported worldwide for mobile platforms. A user can browse vulnerabilities specific to his/her mobile platform and its particular version. Varutra MVD has been launched with the objective of giving mobile users a common place to get acquainted with the vulnerabilities that exist on their devices. Users can choose to receive specific vulnerability details as a report via email.


2. How to get Vulnerability Report on Email?

Users can register with their name and email ID on Register for Vulnerability Report and then select the required platform and version to receive the report. We are implementing a module through which a registered user will get automatic updates whenever a new vulnerability is reported for the platform and version chosen by the user.


3. Which platforms are covered by MVD?

At present MVD covers major mobile smartphone platforms such as Android, Blackberry, iOS and Windows Phone.


4. What is KVID?

KALP Varutra ID (KVID) is a unique number assigned by the Varutra team to each reported vulnerability maintained in the MVD database.
E.g. KVA01 for Android, KVB01 for Blackberry, KVI01 for iOS and KVW01 for Windows Phone.


5. What is CVE?

Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (CVE Identifiers) for publicly known information security vulnerabilities maintained by the MITRE Corporation. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this "common enumeration."


6. What is CVSS?

CVSS is a vendor agnostic, industry open standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores can range from 0.0 (no vulnerability) to 10.0 (critical). E.g. BlackBerry uses CVSS in vulnerability assessments to present an immutable characterization of security issues. BlackBerry assigns all relevant security issues a non-zero score. Customers performing their own risk assessments of vulnerabilities that may impact them can benefit from using the same industry-recognized CVSS metrics.


7. What is a 'Vulnerability'?

An information security vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.


8. What is Android?

A smartphone mobile operating system released by Google in 2008. Android powers over 1 billion smartphones and tablets. Each Android version is named after a dessert: Cupcake, Donut, Eclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, and Jelly Bean. The latest is Oreo (2018).


9. What is iOS?

iOS (previously iPhone OS) is a mobile operating system developed and distributed by Apple Inc. Originally unveiled in 2007 for the iPhone, it has been extended to support other Apple devices such as the iPod Touch (September 2007), iPad (January 2010), iPad Mini (November 2012) and second-generation Apple TV (September 2010).


10. What is Blackberry?

The BlackBerry is a line of wireless handheld devices and services designed and marketed by BlackBerry Limited, formerly known as Research In Motion Limited (RIM). The first BlackBerry device, an email pager, was released in 1999. The most recent BlackBerry devices are the Z30, Z10, Q10 and Q5.


11. What is Windows Phone?

Windows Phone (abbreviated as WP) is a series of proprietary smartphone operating systems developed by Microsoft. It is the successor to Windows Mobile.


12. What is DOS?

DOS stands for Denial of Service. It is a malicious attempt to make a server or a network resource unavailable to its users. It is generally done from a single internet connection by flooding the resource with a large number of packets.


13. What is DDOS?

DDOS stands for Distributed Denial of Service. It is a malicious attempt to make a server or a network resource unavailable to its users. It is generally done from many devices and multiple internet connections by flooding the resource with a large number of packets.


14. What is Remote Code Execution?

Remote code execution, or arbitrary code execution, is a vulnerability that allows an attacker to execute malicious code and commands on the affected host or server.


15. What is XSS?

A Cross Site Scripting (XSS) vulnerability allows the attacker to insert malicious scripts into the application. It leads to account hijacking.


16. What is Buffer Overflow?

A buffer overflow occurs when a program attempts to put more data in a buffer than its capacity allows. It can corrupt data and lead to remote code execution.


17. What is Clear Text submission?

The application transmits the login credentials to the server without encrypting them. It is possible to sniff the traffic and read them.


18. What is Privilege Escalation?

Escalating privileges in the application beyond those normally allowed to the user, such as a normal user getting super user privileges.


19. What is Memory Corruption Vulnerability?

Memory corruption occurs when the contents of a memory location are unintentionally modified due to programming errors. Use of the corrupted memory contents leads to a program crash.


20. What is MITM Vulnerability?

The man-in-the-middle attack intercepts a communication between two systems. The attacker may be able to capture the communication and even add his own data.


21. What is Integrity?

Maintaining and assuring the accuracy and consistency of data over its entire life-cycle. It means the data cannot be modified in an unauthorized or undetected manner.


22. What is Confidentiality?

Preventing the disclosure of sensitive information to unauthorized persons or systems.


23. What is Availability?

The information must be available when it is needed. The communication channels used to access the data must be functioning correctly.