Year-Old Android Security Flaw Puts Millions at Risk

Nearly half (49.5 percent) of all Android phones are still vulnerable to a security bug that allows attackers to modify or replace a seemingly benign app with malware without users' knowledge, according to a blog post written by researchers at Palo Alto Networks. Although the security researchers first discovered the flaw a year ago, some vendors' distributions of Android 4.3 still contain the vulnerability.

The Palo Alto Networks research team that discovered the flaw has already alerted vendors about the vulnerability, including Google, Amazon and handset manufacturers such as Samsung. When the exploit was first discovered in January 2014, more than 89 percent of Android devices were vulnerable to the attack. The flaw has since been fixed in Android 4.4.

Malware with Arbitrary Permissions

Nonetheless, many phones that continue to run older versions of Android remain at risk. The security researchers said they were able to successfully execute the attack, dubbed "Android installer hijacking," on phones such as Samsung's Galaxy S4. Palo Alto Networks' researchers said that they have made an app available on the Google Play store that can scan a phone for the vulnerability. The team has also made the app open source and posted the code in a GitHub repository.

Enterprises concerned about the flaw can take several steps to mitigate their risk. Palo Alto Networks recommended that organizations withhold permission from apps seeking to access logcat, a system log that can be used to simplify and automate the exploit.

IT departments can further protect their systems by preventing employees from using rooted devices. Rooting gives users full access to the entire operating system, enabling them to run special types of apps that require root permissions. Although the exploit does not require a rooted device to work, such devices are more vulnerable.
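The two mitigations above, together with the fix version the article cites, translate naturally into a device-inventory check that an enterprise mobile-management team can run. The following script is an added example written for this page; it is not code from Palo Alto Networks or from the scanner app they published. It assumes an inventory export with, per device, the Android version string, a rooted flag, and the list of apps that have been granted log (logcat) access; the five devices embedded in it are constructed sample data, and the severity labels are this example's own convention.

```python
"""Rank enrolled Android devices against the mitigations the article lists:
  - OS below Android 4.4 still carries the installer-hijacking flaw,
  - apps granted logcat access make the flaw easier to abuse,
  - rooted devices are more exposed and should be blocked by policy.
Added example; thresholds come from the article, inventory data is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# The article states the flaw was fixed in Android 4.4.
FIXED_VERSION: Tuple[int, ...] = (4, 4)


@dataclass
class Device:
    device_id: str
    android_version: str          # as reported by the MDM, e.g. "4.3" or "4.4.2"
    rooted: bool
    log_reading_apps: List[str] = field(default_factory=list)  # apps with logcat access


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.3', '4.4.2' or '4.4_r1' into a comparable tuple of ints.

    Non-numeric suffixes are dropped; an unparseable string yields ().
    """
    parts: List[int] = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def assess(device: Device) -> Dict[str, object]:
    """Return the findings for one device and an overall severity.

    Severity convention (this example's own, not the article's):
      high   - vulnerable or unknown OS plus root or logcat access
      medium - vulnerable or unknown OS, nothing else aggravating
      low    - fixed OS, but a policy finding (root / logcat) remains
      none   - fixed OS and no findings
    """
    findings: List[str] = []
    version = parse_version(device.android_version)

    if not version:
        findings.append("version_unknown")      # cannot prove it is fixed
    elif version < FIXED_VERSION:
        findings.append("os_vulnerable")        # tuple compare: (4,3) < (4,4)
    os_at_risk = not version or version < FIXED_VERSION

    if device.log_reading_apps:
        findings.append("logcat_access_granted")  # article: simplifies the exploit
    if device.rooted:
        findings.append("rooted")                 # article: block rooted devices

    aggravating = device.rooted or bool(device.log_reading_apps)
    if os_at_risk:
        severity = "high" if aggravating else "medium"
    else:
        severity = "low" if findings else "none"

    return {"device_id": device.device_id, "findings": findings, "severity": severity}


def assess_inventory(devices: List[Device]) -> List[Dict[str, object]]:
    """Assess every device, most severe first, so the worklist is actionable."""
    order = {"high": 0, "medium": 1, "low": 2, "none": 3}
    results = [assess(d) for d in devices]
    return sorted(results, key=lambda r: order[str(r["severity"])])


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY: List[Device] = [
    Device("dev-01", "4.3", rooted=False),
    Device("dev-02", "4.3", rooted=True, log_reading_apps=["com.example.logviewer"]),
    Device("dev-03", "4.4.2", rooted=False),
    Device("dev-04", "5.0", rooted=True),
    Device("dev-05", "", rooted=False),
]

if __name__ == "__main__":
    for row in assess_inventory(SAMPLE_INVENTORY):
        print(f"{row['device_id']}: {row['severity']:6s} {', '.join(row['findings']) or '-'}")
```

The version parser is deliberately tolerant of vendor-specific strings such as "4.4_r1", and an empty or unparseable version is treated as unproven rather than safe, so a device that cannot report its build still lands on the worklist.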
