“TowelRoot” Gives Root Access to Samsung Galaxy S5 and other Popular Android Mobile Devices

A new vulnerability, codenamed TowelRoot, was recently released for the Linux kernel (CVE-2014-3153) through version 3.14.5 and it has affected Android 4.4 mobile devices. This vulnerability is extremely prevalent and exists on almost every popular Android device in the market including the very popular Samsung Galaxy S5.

This security vulnerability, when exploited, can allow any app to escalate it’s privileges to root (administrator) privileges. This would allow an attacker to bypass the Android security model and:

Run malicious code under administrator privileges
Retrieve various files and sensitive information from the device
Bypass enterprise data protection applications including: secure containers, wrappers and hardened apps.
Insert a persistent backdoor on the device to be later used for further attack activities

The vulnerability is currently codenamed TowelRoot after a rooting tool that was released on mobile forums that uses the vulnerability to root most of the popular mobile devices on the market. This tool is being widely publicized and is easily available for use without the need for technical know-how.

Right now this vulnerability is only used by the rooting tool and has yet to show up in any malicious sample. Learning from the past, we can assume that it is only a matter of time until exploits for this vulnerability are distributed through other channels.

Mitigation Techniques:
The following mitigation controls will not provide 100% mobile security protection. However, following these best practices will largely minimize the threat of exposure.

Install applications only from reputable sources, i.e. from the official Google Play app store. Read reviews and the developer’s popularity scores.
Do not open suspicious/unknown links sent to the device.
Do not root the device.

The rooting tool currently effects a number of mobile devices, including but not limited to:

Samsung: Galaxy S5(International, Verizon, and AT&T variants), Note 3 (International, Verizon, and AT&T variants)
LG: G Flex
Motorola: RAZR HD/M, Razr Maxx HD
Sony: Sony Xperia E1, C6603, C5303, Xperia T, Xperia z1, Xperia SP

Other Information:

[1] http://forum.xda-developers.com/showthread.php?t=2783157
[2] http://towelroot.com/

See how use cases come to life through Check Point's customer stories.

See how use cases come to life through Check Point's customer stories.

See how use cases come to life through Check Point's customer stories.

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

AI-Powered Threat Prevention

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Learn hackers inside secrets and beat them at their own game

Check Point is 100% Channel. Grow Your Business with Us!

See how use cases come to life through Check Point's customer stories.

“TowelRoot” Gives Root Access to Samsung Galaxy S5 and other Popular Android Mobile Devices

You may also like

The Rise of the Code Package Threat

Docker Security Hole Revealed: Mitigate CVE-2019-5736

Who You Gonna Call? Stories From the Front Line of Cyber Defense

May’s Most Wanted Malware: Cryptomining Malware Digs into Nearly 40% of Organizations Globally