Android Vulnerability Lets Hackers Replace Apps on Your Device

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Zero-day vulnerability gives Android apps super-privileges
At the USENIX WOOT 2015 security conference in Washington D.C. this weekend, IBM's Or Peles and Roee Hay presented a new zero-day vulnerability affecting Android devices.
In their paper titled One Class to Rule Them All, the two researchers working for IBM's X-Force Application Security Research Team provided a proof of concept of CVE-2014-3153, a vulnerability they found in Android's OpenSSLX509Certificate class.

When leveraged by an attacker, the class would allow them to escalate the privileges of a lesser app, and grant it super-privileges (system user status) over the whole phone.

Attackers can use it to replace authentic apps with fake ones
If the CVE-2014-3153 zero-day would to be exploited, attackers would need an entry point into the user's device.

Since they only need to run a small snippet of code to escalate the privileges of an app, they could hide that small piece of code in any game or lesser app they'd like, and even host it on the Play Store.

Once a user installs and accesses it, the code would be executed, and the lesser app would get system-level privileges.

If the attacker's entry point is a more "malicious" app, and besides the escalation code, it also contains more complex procedures, the user would be in bigger trouble.

An attacker could easily use this vulnerability to download malicious APKs on the user's device, and then use them to replace authentic apps, like the Facebook app, seen in the video below.

The aftermath of escalating privileges with CVE-2014-3153 is not only limited to replacing authentic apps alone. Hackers could also download anything they'd like to from the user's device, spy on the user, or whatever the attacker would like to since the user won't ever be prompted with any popups, everything happening in the background.

55% of all Android devices affected
According to researchers, all Android versions from 4.3 to 5.1 are affected, meaning Jelly Bean, KitKat, and Lollipop. Additionally, the latest M version that's still unnamed, is vulnerable as well.

This accounts for about 55% of all the Android market.

Additionally, the IBM team has also taken steps to properly disclose this vulnerability, for which Google has already issued patches

 
  • Like
Reactions: LabZero

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Gives the Government the upper hand, if they wanted to exploit (targeted) Android users.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top