SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
24 Mar 2016

Android rooting bug opens Nexus phones to permanent device compromise

Millions of Android phones, including the entire line of Nexus models, are vulnerable to attacks that can execute malicious code and take control of core functions almost permanently, Google officials have warned.

The officials have already uncovered one unidentified Google Play app that attempted to exploit the vulnerability, although they said they didn't consider the app to be doing so for malicious purposes. They are in the process of releasing a fix, but at the moment any phone that hasn't received a security patch level of March 18 or later is vulnerable.

The flaw, which allows apps to gain nearly unfettered "root" access that bypasses the entire Android security model, has its origins in an elevation of privileges vulnerability in the Linux kernel. Linux developers fixed it in April 2014 but never identified it as a security threat. For reasons that aren't clear, Android developers failed to patch it even after the flaw received the vulnerability identifier CVE-2015-1805 in February 2015.

"An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel," an Android security advisory published Friday stated. "This issue is rated as a critical severity due to the possibility of a local permanent device compromise and the device would possibly need to be repaired by re-flashing the operating system."

Google officials went on to say they are aware of at least one application that was available both within and outside of the official Play market place that exploited the vulnerability. Many users willingly install such rooting apps to give their phones capabilities that wouldn't be possible otherwise. Still, as reported in October, the root exploits pose a danger to the entire Android user base, even when used openly by app developers to provide added functionality. Late last year, researchers from security firm Lookout found malicious apps available in a third-party market that exploited unpatched rooting vulnerabilities to make them extremely difficult for average users to uninstall.

Google said its Play marketplace prohibits rooting apps. Company officials also attempt to curb the installation of such apps available in other forums through use of the verify apps feature. Friday's advisory didn't identify the app that was exploiting the vulnerability except to say it was publicly available, both within and outside of Play, and worked on Nexus 5 and Nexus 6 phones.

The vulnerability is present in all Android releases that use Linux kernel versions 3.4, 3.10, and 3.14. That includes all Nexus phones, as well as a large number of handsets marketed under major manufacturer brands. Android releases that use kernel versions 3.18 or higher aren't susceptible.

Readers with a vulnerable phone should carefully consider the risks before knowingly installing a rooting app that exploits the flaw. They should also avoid apps available in third-party marketplaces, since they are more likely to host apps that exploit the vulnerability maliciously and without warning, and be on the lookout for updates in the coming weeks or months that patch the underlying security hole. The good news is that the flaw requires a local exploit, making remote drive-by Web attacks infeasible if not impossible.

Tags:
Android information leaks
Source:
Ars Technica
2197
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015