Feeds

Android bugs let attackers install malware without warning

No permissions necessary

5 things you didn’t know about cloud backup

Researchers have disclosed bugs in Google's Android mobile operating system that allow attackers to surreptitiously install malware on users' handsets.

The most serious of the two flaws was poignantly demonstrated on Wednesday in a proof-of-concept app that was available in the Google-sanctioned Market. Disguised as an expansion for the popular game Angry Birds, it silently installs three additional apps that without warning have access to a phone's contacts, location information and SMS functionality and can transmit their data to a remote server.

It took Google about six hours to pull the bogus app, said Scio Security CTO Jon Oberheide, one of the two researchers to discover and exploit the vulnerability. What will be harder to lock down are the special security tokens the web giant uses to authenticate Android users so they don't have to expose their passwords to third-party services. The proof-of-concept works by exploiting weaknesses in that Android token system.

“It abuses that token to perform the same actions the legitimate Market app would perform, but without asking for permission,” Oberheide told The Register. “Through some of the research, we realized we could use this one specific token for the Android service to bypass the restrictions on the permission system.”

Zach Lanier, a senior consultant at Intrepidus Group, also worked to discover the bypass bug. He and Oberheide plan to provide more details at an internal security conference scheduled for Thursday at Intel's Oregon campus.

"We've begun rolling out a fix for this issue, which will apply to all Android devices," a Google spokesman said. "As always, we advise users to only install applications they trust."

Oberheide said that his disclosure came the same day that a researcher with Basingstoke, UK-based MWR InfoSecurity demonstrated a separate bug in the Android browser that lets attackers install malware on a fully patched HTC Legend running Android 2.1. Although the most recent Android version is 2.2, figures supplied by Google show that 64 percent of users have yet to be upgraded to it.

Nils, who doesn't disclose his surname to journalists, didn't respond to emails seeking comment. He is scheduled to present his findings on Thursday at the Blackhat security conference in Abu Dhabi.

Oberheide is same researcher who in June forced Google to wield Android's then-secret remote kill switch when he released a pair of applications to demonstrate how easy it is to use Market to bootstrap a rootkit onto Android phones.

The two most recent attacks “operate entirely in userspace and leverage weaknesses present in the Android platform ad common HTC handsets to achieve their goals,” Oberheide said. They came the same week that attack code exploiting a browser vulnerability in older Android phones was released. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.