The Spy in Your Pocket, Part 3: Cyber Risks to Android-based Devices


In this third and last entry in our short series overviewing mRATs, we’ll delve into the risks facing Android-based devices.

Generally speaking, it’s possible to map four cyber-risks to Android-based devices:

  1. Mobile Remote Access Trojans (mRATs) Distributed via Various Application Markets
  2. System Exploits
  3. Fragmentation and Patching Cycles
  4. Wifi Man-in-the-Middle (MitM)

Mobile Remote Access Trojans (mRATs) Distributed via Various Application Markets

In our first entry in this series we discussed the general threat of mobile Remote Access Trojans (mRATs) – attack tools that take full control of the sensors and hardware of a mobile device without the owner’s knowledge.
As cyber-espionage rises, so does the number of Android mRATs. They are distributed either as purpose-built malicious apps or as repackaged legitimate apps with the malicious functionality added.
Google has been working hard to protect the Google Marketplace from mRATs by performing security code checks. However, because of the platform’s openness, mRATs continue to slip through. Moreover, the dozens of secondary Android application markets provide an additional, frequently used mRAT distribution channel, and Google performs no built-in security code checks on apps downloaded from these secondary markets.

System Exploits

The risk here is system vulnerabilities exploited to gain elevated privileges, which is equivalent to “rooting” the device without leaving any trace. A rooted device bypasses the built-in Android security mechanisms, so any application can gain system privileges and override device restrictions. Ultimately, an attacker who roots the device can install any mRAT without the device owner’s knowledge.
In the past year or so about a dozen such exploits were released, including a tool which exploited a vulnerability on Samsung Galaxy S4 devices, a vulnerability in pre-installed backup software on LG devices, and a vulnerability in the drivers used by the camera and multimedia devices on Exynos 4-powered devices.

Fragmentation and Patching Cycles

The multitude of Android-based operating system versions multiplied by the numerous device manufacturers, also called fragmentation, gives consumers an enormous pool of choices. But therein also lie the security issues. The irregularity of hardware patching cycles – and their variance from platform to platform – forces enterprises to throw up their hands in defeat when it comes to tracking the various vulnerable versions. While enterprises struggle to get a grip on their employees’ insecure and vulnerable devices, attackers are quick to leverage this window of opportunity.
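One way an enterprise can start tracking patch levels across such a fragmented fleet, as an added example that is not from the original post: it parses per-device `adb shell getprop` output (constructed sample excerpts below, with fake serials) and flags devices whose declared patch level is older than a cutoff. It assumes the ro.build.version.security_patch property, which Android only reports from version 6.0 onward, so older builds show as unknown.

```python
"""Constructed example: flag Android devices whose declared security patch
level is stale. Input is "adb shell getprop" output per device; the property
ro.build.version.security_patch is only reported from Android 6.0 onward."""
import re
from datetime import date
from typing import Dict, Optional

# getprop prints one property per line: "[ro.build.version.release]: [7.0]"
_GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")

def parse_getprop(output: str) -> Dict[str, str]:
    """Turn getprop output into a dict; lines that do not match are ignored."""
    props = {}
    for line in output.splitlines():
        m = _GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props

def patch_age_days(props: Dict[str, str], today: date) -> Optional[int]:
    """Days since the declared patch level, or None if absent or malformed."""
    raw = props.get("ro.build.version.security_patch", "")
    try:
        y, m, d = (int(part) for part in raw.split("-"))
        return (today - date(y, m, d)).days
    except ValueError:
        return None

def assess_fleet(fleet: Dict[str, str], today: date,
                 max_age_days: int = 90) -> Dict[str, str]:
    """Map each device serial to 'ok', 'stale' or 'unknown'."""
    report = {}
    for serial, output in fleet.items():
        age = patch_age_days(parse_getprop(output), today)
        if age is None:
            report[serial] = "unknown"
        else:
            report[serial] = "stale" if age > max_age_days else "ok"
    return report

# Constructed getprop excerpts for three hypothetical devices (fake serials)
SAMPLE_FLEET = {
    "SERIAL-A": "[ro.product.manufacturer]: [samsung]\n[ro.build.version.release]: [7.0]\n"
                "[ro.build.version.security_patch]: [2017-03-01]\n",
    "SERIAL-B": "[ro.product.manufacturer]: [google]\n[ro.build.version.release]: [7.1.2]\n"
                "[ro.build.version.security_patch]: [2017-05-05]\n",
    "SERIAL-C": "[ro.product.manufacturer]: [lge]\n[ro.build.version.release]: [5.1]\n",
}
SAMPLE_TODAY = date(2017, 6, 1)  # constructed reference date for the sample
```

Calling `assess_fleet(SAMPLE_FLEET, SAMPLE_TODAY)` on the sample marks SERIAL-A stale (92 days behind), SERIAL-B ok and SERIAL-C unknown; a real run would collect each device's `getprop` output over adb or from an MDM export.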

Wifi Man-in-the-Middle (MitM) Attacks

As with iOS-based devices, the threat here is an attacker eavesdropping on, and even altering, the user’s Wifi communications.
MitM attacks have always been a concern for wireless devices, but the prevalence of smartphones in individuals’ personal and business lives has made mobile devices much more susceptible to this type of attack. Additionally, the typical alerts and warning signs that individuals are used to noticing on PCs and laptops are much more subtle on their mobile counterparts. Furthermore, with limited screen real estate, URLs are hidden from the user, who therefore cannot validate that the URL the browser is pointing to is actually the intended one.