A new vulnerability, codenamed TowelRoot, was recently released for the Linux kernel (CVE-2014-3153)  through version 3.14.5 and it has affected Android 4.4 mobile devices. This vulnerability is extremely prevalent and exists on almost every popular Android device in the market including the very popular Samsung Galaxy S5.

This security vulnerability, when exploited, can allow any app to escalate it’s privileges to root (administrator) privileges. This would allow an attacker to bypass the Android security model and:

  • Run malicious code under administrator privileges
  • Retrieve various files and sensitive information from the device
  • Bypass enterprise data protection applications including: secure containers, wrappers and hardened apps.
  • Insert a persistent backdoor on the device to be later used for further attack activities

The vulnerability is currently codenamed TowelRoot after a rooting tool that was released on mobile forums that uses the vulnerability to root most of the popular mobile devices on the market. This tool is being widely publicized and is easily available for use without the need for technical know-how.

Right now this vulnerability is only used by the rooting tool and has yet to show up in any malicious sample. Learning from the past, we can assume that it is only a matter of time until exploits for this vulnerability are distributed through other channels.

Mitigation Techniques:
The following mitigation controls will not provide 100% mobile security protection. However, following these best practices will largely minimize the threat of exposure.

  1. Install applications only from reputable sources, i.e. from the official Google Play app store. Read reviews and the developer’s popularity scores.
  2. Do not open suspicious/unknown links sent to the device.
  3. Do not root the device.

The rooting tool currently effects a number of mobile devices, including but not limited to:

  • Samsung: Galaxy S5(International, Verizon, and AT&T variants), Note 3 (International, Verizon, and AT&T variants)
  • LG: G Flex
  • Motorola: RAZR HD/M, Razr Maxx HD
  • Sony: Sony Xperia E1, C6603, C5303, Xperia T, Xperia z1, Xperia SP

Other Information:

[1] http://forum.xda-developers.com/showthread.php?t=2783157
[2] http://towelroot.com/