Check Point Blog

“TowelRoot” Gives Root Access to Samsung Galaxy S5 and other Popular Android Mobile Devices

A new vulnerability in the Linux kernel (CVE-2014-3153), codenamed TowelRoot, was recently disclosed. It is present in kernels through version 3.14.5 and affects Android 4.4 mobile devices. The vulnerability is extremely prevalent and exists on almost every popular Android device on the market, including the very popular Samsung Galaxy S5.

This security vulnerability, when exploited, can allow any app to escalate its privileges to root (administrator) privileges. This would allow an attacker to bypass the Android security model and:

The vulnerability is currently codenamed TowelRoot after a rooting tool that was released on mobile forums that uses the vulnerability to root most of the popular mobile devices on the market. This tool is being widely publicized and is easily available for use without the need for technical know-how.

Right now this vulnerability is only used by the rooting tool and has yet to show up in any malicious sample. Learning from the past, we can assume that it is only a matter of time until exploits for this vulnerability are distributed through other channels.

Mitigation Techniques:
The following mitigation controls will not provide 100% mobile security protection. However, following these best practices will largely minimize the threat of exposure.

  1. Install applications only from reputable sources, i.e. from the official Google Play app store. Read reviews and the developer’s popularity scores.
  2. Do not open suspicious/unknown links sent to the device.
  3. Do not root the device.

The rooting tool currently affects a number of mobile devices, including but not limited to:

Other Information:

[1] http://forum.xda-developers.com/showthread.php?t=2783157
[2] http://towelroot.com/
