Android bugs leave every smartphone and tablet vulnerable to privilege escalation


Reefa

Six new bugs uncovered in Google's mobile platform show how every Android-powered device – more than a billion devices in all – is vulnerable to malware thanks to privilege escalation issues.

On the whole, mobile operating systems seem to be pretty secure, but new bugs uncovered in Google's mobile platform show how every Android-powered device – more than a billion devices in all – is vulnerable to malware thanks to privilege escalation issues.

Researchers from Indiana University and Microsoft published a paper that describes a new class of Android vulnerabilities called Pileup flaws. Pileup, which is short for privilege escalation through updating, increases the permissions offered to malicious apps once Android is updated, without informing the user.

"Every few months, an update is released, which causes replacement and addition of tens of thousands of files on a live system. Each of the new apps being installed needs to be carefully configured to set its attributes within its own sandboxes and its privileges in the system, without accidentally damaging existing apps and the user data they keep," the researchers wrote. "This complicates the program logic for installing such mobile updates, making it susceptible to security-critical flaws."

"Through the app running on a lower version of Android, the adversary can strategically claim a set of carefully selected privileges or attributes only available on the higher OS version," the researchers wrote.

The problem, to put it simply, is that for the sake of convenience the Android user interface doesn't pop up any prompts pointing out the new permissions, but instead assigns them automatically in the background without giving the user any say in the matter.

The researchers claim to have discovered six different Pileup vulnerabilities within the Android Package Management Service (PMS), and have confirmed that these vulnerabilities are present in all Android Open Source Project versions, along with more than 3,500 customized versions of Android developed by handset OEMs and carriers. In total, the researchers claim that this leaves more than a billion Android devices vulnerable to a Pileup attack.

"A third-party package attribute or property, which bears the name of its system counterpart, can be elevated to a system one during the updating shuffle-up where all apps are installed or reinstalled, and all system configurations are reset," the researchers wrote. "Also, when two apps from old and new systems are merged as described above, security risks can also be brought in when the one on the original system turns out to be malicious."

The researchers have also introduced a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges. The scanner verifies the source code of PMS (from different Android versions) to identify any violation of a set of security constraints.

All of the issues have been reported to Google, and the company has already patched one of the six vulnerabilities.

Source

Edited by F3dupsk1Nup
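A defensive check for the pattern the article describes, as an added example that is not part of the original post and is not SecUP's code: it flags installed apps whose manifest requests or defines a permission name that does not exist on the current OS image but becomes a system permission after the update. The package names, the permission `android.permission.EXAMPLE_ADDED_BY_UPDATE` and both version sets are constructed placeholders.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed placeholder data: system permission names known to each OS image.
CURRENT_OS = {"android.permission.INTERNET", "android.permission.CAMERA"}
TARGET_OS = CURRENT_OS | {"android.permission.EXAMPLE_ADDED_BY_UPDATE"}

def scan_manifest(xml_text, current=CURRENT_OS, target=TARGET_OS):
    """Return (package, action, name) for names that only become system names after the update."""
    future_only = target - current
    root = ET.fromstring(xml_text)
    pkg = root.get("package", "?")
    findings = []
    for elem in root.iter():
        name = elem.get(ANDROID + "name")
        if name not in future_only:
            continue
        if elem.tag == "permission":
            # App defines a name that will collide with a system permission.
            findings.append((pkg, "defines", name))
        elif elem.tag == "uses-permission":
            # App requests a permission the running OS does not know yet.
            findings.append((pkg, "requests", name))
    return findings

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.suspect">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.EXAMPLE_ADDED_BY_UPDATE"/>
  <permission android:name="android.permission.EXAMPLE_ADDED_BY_UPDATE"
      android:protectionLevel="normal"/>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.benign">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for manifest in (SUSPECT, BENIGN):
        for finding in scan_manifest(manifest):
            print("pre-update review:", finding)
```

A finding is a reason to review the app before the OS update is applied, not proof of malice.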

But updates need to be signed before they can be applied (at least when the bootloader is locked, which is the case on most phones; the people that unlock install custom ROMs anyway), so you would need access to the OEM's private key or access to the source tree from which the update is compiled to be able to use this violation.

Edited by ffi