Important research that exposes an exploitable vulnerability in Android 4.2.2 affects a wide range of devices. Currently nicknamed “Pie”, this vulnerability has been gracing the pages of several forums over the past few days. Attackers exploiting this vulnerability can acquire root privileges to many Android-based mobile phones.
What’s the bottom line?
Under certain circumstances, an attacker exploiting the vulnerability can acquire root permissions to the victim’s device. This means the attacker could then:
Run malicious code under administrator privileges
Retrieve various files and sensitive information from the device
Bypass enterprise data protection applications including: secure containers, wrappers and hardened apps.
Insert a persistent backdoor on the device to be later used for further attack activities
Which devices are vulnerable?
Moto G, Moto X and Nexus 4 have been identified as vulnerable. It’s also likely that older devices as well as low-cost Android devices are vulnerable, but we’re yet to confirm this for certain.
How can an attacker exploit this vulnerability?
The attacker would first have to either use a cable (a physical connection to the device) or use a privilege escalation vulnerability (such as Master Key) in order to obtain the required system permissions to employ “Pie”.
Privilege escalation is the act of exploiting a vulnerability in the OS to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the developer or system administrator can perform unauthorized actions.
From that point on, the attacker can quite easily obtain root level permissions.
It’s important to note that in most cases, the vulnerability would allow the attacker to retain root permissions until the device is rebooted (aka untethered). However, the access can be made permanent in a number of different ways depending on the device/manufacturer. Some devices would require another vulnerability to keep the root permissions permanent, while others are less secure.
Are Lacoon customers safe?
MobileFortress can detect a wide range of vulnerabilities, including privilege escalation attacks that can give provisional system permissions which is the more likely of the ways an attacker can begin to exploit the Pie vulnerability.
For more information Contact Us @ sales@lacoon.com.
What general steps can enterprises take to prevent this exploit?
If possible, upgrade all devices to the latest version of Android or at a minimum to Android 4.4.3.
Where can I find out more about the “Pie” vulnerability?
http://blog.cassidiancybersecurity.com/post/2014/06/Android-4.4.3%2C-or-fixing-an-old-local-root
http://forum.xda-developers.com/moto-x/orig-development/root-4-4-x-pie-motorola-devices-t2771623