The QuadRooter flaws all require the user to be tricked into installing a malicious app first (a common enough occurrence); the app needs no special permissions and can then use any one of the flaws to escalate its privileges to root, at which point it controls the handset and can read its data and GPS location.
To confirm the worst, users can download a free scanner app from the Play Store that checks whether an individual handset is affected. Users should assume the answer is affirmative.
The ‘Certifi-gate’ mRST flaw
Made public: August 2015. Severity: 3/5. Versions affected: up to Android 5.1. Fixed? Not yet – phone makers will have to update the support plug-ins.
Discovered by Check Point, this is a flaw in the mobile Remote Support Tool (mRST) plug-ins that many handset makers, including Samsung, LG, HTC, Huawei and ZTE, ship on phones running Android versions up to 5.1. Because the plug-ins are signed with the makers' own certificates they run with system-level privileges, and the check they use to confirm that a remote-support app talking to them is genuine can be passed by any app. An attacker who sneaks a bogus app onto a phone can therefore use the plug-in to elevate the app's permissions and, from that point on, have complete remote control over the smartphone. The affected products named by Check Point include Rsupport, CommuniTake Remote Care and TeamViewer.
Although harder to exploit than ‘Stagefright’ (see below), revealed last week, getting a malicious app onto phones via the Google Play Store is well within the realms of possibility. It will also be very difficult to fix because the flaw lies in components added to smartphones by handset makers or carriers rather than by Google. Fixing it requires them to act, and that will take time – possibly a long time in some cases.
“These remote support tools can’t be removed by the end user and can only be patched by the network operator,” Check Point’s VP of product management, Gabi Reish, told Techworld.
‘Stagefright’ MMS flaw
Made public: July 2015. Severity: 5/5. Versions affected: all up to Android 5.1. Fixed? Only for a few. Some networks have deactivated automatic MMS retrieval, while Google has sent a patch to carriers.
Arguably the most serious security flaw ever to hit Android, this one affects Stagefright, a media-playback component of the OS that nobody usually thinks much about. Discovered by a researcher at a firm called Zimperium, the issue could be exploited by sending a malicious video message to almost any Android handset on the planet: the messaging app fetches and processes the media automatically, so the attacker's code runs with no user interaction at all. The message could even render itself invisible by deleting itself before the user saw it.
The issue affects around 95 percent of Android users. The exceptions are users of the secure Blackphone and, after Google issued a patch, stock Nexus devices; everyone else will have to wait for the patch to reach them via carriers.
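Several of the Stagefright bugs were integer overflows in the MPEG-4 parser: a 32-bit entry count read from the media file was multiplied by a fixed entry size to allocate a table, the product wrapped, and the loop that then copied the entries ran off the end of the undersized heap buffer. The C below is an added, simplified illustration of that bug class, not code from libstagefright or from Zimperium; the chunk layout, the 12-byte entry size and the sample inputs are constructed for the example. The vulnerable parser sits beside the hardened one, and only the hardened one is ever run on the overflowing input.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed chunk layout for this example (not the real MPEG-4 layout):
 * [entry count: 4 bytes, big endian][entries: count * ENTRY_SIZE bytes]. */
#define ENTRY_SIZE 12u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Vulnerable sizing: for count >= 0x15555556 the 32-bit product wraps, so the
 * table is allocated far smaller than the `count` entries later copied into it. */
uint32_t vuln_table_bytes(uint32_t count) {
    return count * ENTRY_SIZE;
}

/* Hardened sizing: reject any count whose table size cannot be represented. */
bool safe_table_bytes(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / ENTRY_SIZE) return false;
    *out = count * ENTRY_SIZE;
    return true;
}

/* Vulnerable parser. The bounds check uses the wrapped size, passes, and the
 * copy loop then writes `count` entries into the undersized buffer.
 * Only ever call this on well-formed input. */
long parse_table_vuln(const uint8_t *buf, size_t len, uint8_t **table_out) {
    if (len < 4) return -1;
    uint32_t count = be32(buf);
    uint32_t need = vuln_table_bytes(count);      /* may have wrapped */
    if ((size_t)need > len - 4) return -1;        /* passes with the wrapped value */
    uint8_t *table = malloc(need ? need : 1);
    if (!table) return -1;
    for (uint32_t i = 0; i < count; i++)          /* heap overflow once need wrapped */
        memcpy(table + (size_t)i * ENTRY_SIZE, buf + 4 + (size_t)i * ENTRY_SIZE, ENTRY_SIZE);
    *table_out = table;
    return (long)count;
}

/* Hardened parser: overflow-checked size, then checked against the bytes
 * actually present, before anything is allocated or copied. */
long parse_table(const uint8_t *buf, size_t len, uint8_t **table_out) {
    if (len < 4) return -1;
    uint32_t count = be32(buf), need;
    if (!safe_table_bytes(count, &need)) return -1;   /* would have wrapped */
    if ((size_t)need > len - 4) return -1;            /* truncated chunk */
    uint8_t *table = malloc(need ? need : 1);
    if (!table) return -1;
    memcpy(table, buf + 4, need);
    *table_out = table;
    return (long)count;
}

/* Constructed sample: a well-formed chunk with two entries. */
static long parse_good_with(long (*parser)(const uint8_t *, size_t, uint8_t **)) {
    uint8_t buf[4 + 2 * ENTRY_SIZE] = {0, 0, 0, 2};
    for (size_t i = 4; i < sizeof buf; i++) buf[i] = (uint8_t)i;
    uint8_t *table = NULL;
    long n = parser(buf, sizeof buf, &table);
    free(table);
    return n;
}
long demo_good(void)      { return parse_good_with(parse_table); }
long demo_good_vuln(void) { return parse_good_with(parse_table_vuln); }

/* Constructed sample: count 0x15555556 (so count * 12 wraps to 8) with only
 * 12 bytes of body. The hardened parser rejects it; the vulnerable one would
 * malloc(8) and then copy 0x15555556 entries. */
long demo_overflow(void) {
    uint8_t buf[4 + ENTRY_SIZE] = {0x15, 0x55, 0x55, 0x56};
    uint8_t *table = NULL;
    long n = parse_table(buf, sizeof buf, &table);
    free(table);
    return n;
}

int main(void) {
    printf("wrapped size for count 0x15555556: %u\n", vuln_table_bytes(0x15555556u));
    printf("hardened parser, good chunk: %ld entries\n", demo_good());
    printf("hardened parser, overflow chunk: %ld\n", demo_overflow());
    return 0;
}
```

The check worth copying is the division form `count > UINT32_MAX / ENTRY_SIZE`: it is evaluated before the multiplication, so it cannot itself wrap, and it has to come before the comparison against the bytes available, since that comparison is exactly the one the wrapped value sails through.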
Android Installer hijacking
Made public: March 2015. Severity: 1/5. Versions affected: up to Android 4.3 when installing from third-party app stores. Fixed? In all versions after 4.3.
Affecting older smartphones only – still around half of all Android devices at the time of its discovery – this offered attackers a novel way to swap one installer package (APK file) for another while it was being installed from a third-party app store. The installer reads the APK from unprotected storage once to show the user its permissions and then reads it again to install it, so a malicious app on the same device can replace the file in between, in effect installing a different app from the one the user approved without the user realising it. Discovered by Palo Alto Networks.
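The installer hijacking bug is a time-of-check to time-of-use race: what the user approves and what gets installed are two separate reads of a file that someone else can write to. The C below is an added illustration of that race and of the general remedy (check and install the same copy, held where the other app cannot touch it); it is not Android's PackageInstaller code. The "APK" is a constructed text file whose first line is the permission list shown to the user and whose remainder is the payload, and the attacker is a hook that overwrites the file between the two steps.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for an APK on shared storage: first line = permissions
 * the user is asked to approve, rest = payload that gets "installed". */
#define MAX_APK 4096

static long read_file(const char *path, char *buf, size_t cap) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (long)n;
}

static int write_file(const char *path, const char *content) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fputs(content, f);
    return fclose(f);
}

static bool perms_match(const char *apk, const char *approved) {
    const char *nl = strchr(apk, '\n');
    size_t len = nl ? (size_t)(nl - apk) : strlen(apk);
    return strlen(approved) == len && memcmp(apk, approved, len) == 0;
}

static const char *payload_of(const char *apk) {
    const char *nl = strchr(apk, '\n');
    return nl ? nl + 1 : "";
}

/* Hook standing in for another app that can write to the same storage. */
typedef void (*race_hook)(const char *path);

/* Vulnerable flow: read the APK to show permissions, then re-open the path to
 * install. Whoever can write to the path in between decides what is installed. */
int install_vulnerable(const char *path, const char *approved, race_hook hook,
                       char *installed, size_t cap) {
    char buf[MAX_APK];
    if (read_file(path, buf, sizeof buf) < 0 || !perms_match(buf, approved)) return -1;
    if (hook) hook(path);                                  /* check-to-use gap */
    if (read_file(path, buf, sizeof buf) < 0) return -1;   /* second read from the path */
    snprintf(installed, cap, "%s", payload_of(buf));
    return 0;
}

/* Hardened flow: copy the APK once into memory the other app cannot write,
 * check that copy and install from that same copy. */
int install_hardened(const char *path, const char *approved, race_hook hook,
                     char *installed, size_t cap) {
    char buf[MAX_APK];
    if (read_file(path, buf, sizeof buf) < 0 || !perms_match(buf, approved)) return -1;
    if (hook) hook(path);                    /* the swap happens but is never read */
    snprintf(installed, cap, "%s", payload_of(buf));
    return 0;
}

/* Constructed attacker: overwrites the approved APK with one asking for more
 * permissions and carrying a different payload. */
static void attacker_swap(const char *path) {
    write_file(path, "INTERNET,SEND_SMS\nmalicious payload");
}

/* Runs one install against a temporary file. Returns 1 if the approved
 * payload was installed, 0 if the attacker's was, -1 on error. */
int run_demo(bool hardened) {
    char path[] = "/tmp/apk-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    if (write_file(path, "INTERNET\nbenign payload") != 0) { unlink(path); return -1; }
    char installed[MAX_APK];
    int rc = hardened
        ? install_hardened(path, "INTERNET", attacker_swap, installed, sizeof installed)
        : install_vulnerable(path, "INTERNET", attacker_swap, installed, sizeof installed);
    unlink(path);
    if (rc != 0) return -1;
    if (strcmp(installed, "benign payload") == 0) return 1;
    if (strcmp(installed, "malicious payload") == 0) return 0;
    return -1;
}

int main(void) {
    printf("vulnerable installer: %s\n", run_demo(false) == 1 ? "approved app" : "attacker's app");
    printf("hardened installer:   %s\n", run_demo(true) == 1 ? "approved app" : "attacker's app");
    return 0;
}
```

Re-checking the permissions on the second read would not be enough on its own: the attacker can leave the first line intact and change only the payload, which is why the fix is to stop reading the shared path a second time at all.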
Android FakeID flaw
Made public: July 2014. Severity: 2/5. Versions affected: up to Android 4.3. Fixed? Only for devices from Android 4.4 onwards.
Discovered by small security firm Bluebox Security, this offers a way for a malicious app to hijack the trusted status of a legitimate app by forging its signing certificate chain: Android's package installer did not verify the signatures within a certificate chain, so an app could claim to have been issued by a trusted certificate without holding the corresponding private key, effectively escaping any sandboxing security on the device. This was an alarmingly simple flaw in its execution, affecting every Android handset from 2.1 to 4.3.
Linux futex ‘TowelRoot’
Made public: June 2014. Severity: 2/5. Versions affected: most phones running Android up to 4.4. Fixed? Anything updated after 3 June 2014 should be safe.
An unusual kernel-level flaw in the Linux futex (fast userspace mutex) subsystem, the vulnerability (CVE-2014-3153) was originally discovered and disclosed by a white-hat researcher known as Pinkie Pie. Not long afterwards it was incorporated into TowelRoot, a tool from noted hacker George Hotz for rooting Android 4.4 devices, which effectively functioned as a benign proof-of-concept exploit.