Mobile Security Weekly – Paranoid Android?

This week started out well for Android. There’s quite a bit of hype surrounding the 2014 Google I/O conference at the end of June. Sadly, things didn’t progress in the same direction: for the first time, Android devices sold in Europe & the US have been found to have factory-installed malware. Furthermore, a powerful new vulnerability named TowelRoot has been discovered.

See our in-depth post on TowelRoot and its implications.

A new Android vulnerability named TowelRoot could lead to attacks on Android devices
TowelRoot, named in reference to a recently released tool designed to help users root their Android phones, affects Android 4.4 mobile devices and is extremely prevalent in many of the Android-based devices on the market, including the Samsung Galaxy S5.

As we explained in our blog post, this security vulnerability, when exploited, can allow any app to escalate its privileges to root (administrator) privileges. This would allow an attacker to bypass the Android security model and run malicious code under administrator privileges as well as retrieve various files and sensitive information from the device or insert a persistent backdoor on the device.

The TowelRoot tool was released a few days ago on the Internet. It uses the vulnerability to root many of the mobile devices on the market, such as the LG G Flex and the Samsung Galaxy Note 3. The app was developed by white hat hacker George Hotz, aka ‘Geohot’, who is also known for having hacked Apple iOS devices.

Why is this Significant?

  1. TowelRoot affects almost all Android devices.
  2. It’s simple to carry out. Since the whole process is done via an app, it can be performed with one click. Other rooting methods are typically more complicated, requiring the user to enter commands and upload files to the device from a computer.
  3. The rooting can be performed unbeknownst to the device owner, because rooting via exploits such as TowelRoot gives no visual indication that the device has been rooted.

Android devices coming out of China are arriving with factory-installed malware.
The powerful but surprisingly cheap Chinese-made Android Star N9500 smartphone, sold on a wide range of websites including Amazon UK and eBay, is being used to distribute a dangerous factory-installed Trojan.

The Trojan, known as “Uupay.D”, disguised as the Google Play Store, comes pre-installed on the Android smartphone and cannot be removed by the user. The malware steals personal data from the phone and sends it to an anonymous server located in China, but is also capable of installing additional applications or viruses without the user’s knowledge.

The Trojan enables the criminals to track the location of the smartphone, intercept and record phone calls, make purchases and send premium text messages without the user’s permission. It could also be used to break into online banking or other secure services.

Why is this Significant?
The low price of a smartphone with such a wide range of features must be a criminal tactic to entice users. The criminals likely make money from the sale of stolen personal data. It is unknown at what point during the manufacturing process the malware was introduced. Whenever it happened, this is something that should make all users even more wary of mobile security than before.