To Customer Support To Customer Support

Half of Android Users Exposed to Attack via Installation Vulnerability

Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
by Brian Donohue       March 24, 2015
 


 
The security firm Palo Alto Networks says it discovered a Time-of-Check to Time-of-Use vulnerability in Google’s Android operating system last year. Today’s research is their disclosure: an attack — dubbed Android installer hijacking – which exploits that bug, giving an attacker the ability to wrest control of application package files (APKs) while they install.

“We have successfully tested both exploits against Android 2.3, 4.0.3-4.0.4, 4.1.X, and 4.2.x,” a Palo Alto researcher wrote. “According to Android Dashboard, this vulnerability affected approximately 89.4 percent of the Android population as of January 2014 (when we first discovered it), and approximately 49.5 percent of the Android population as of March 2015.”
 
Full Article

4 replies

jpasternak
Rank
Userlevel 7
Installer Hijacking Vulnerability in Android Devices
Original release date: March 24, 2015
 
A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge. Devices running Android version 4.4 or later are not vulnerable.
 
US-CERT advises users to ensure their devices are running an up-to-date version of Android and to use caution when installing software from third-party app stores.
 
Source: https://www.us-cert.gov/ncas/current-activity/2015/03/24/Installer-Hijacking-Vulnerability-Android-Devices
— Jeff
Miquell
Rank
Userlevel 7
Malware and threats design to attack Android grow sronger and faster than it was at the early beginings of Windows.
If you add to that possible attack using vulnerabilities and the growing number of mobile devices the Android users should behave particularly vigilant and cautious, certainly on the same level as the users of ordinary notebooks and computers.
Oh and once should always rember how helpful it may be to install WSA also on mobile devices;)
 
A big kudo and many thanks for sharing Jeff!:D
WEBROOT® SecureAnywhere™ Internet Security Complete Beta macOS Sierra & Windows 10 Pro 64
Petrovic
Rank
Userlevel 7
Badge +52

Experts at Palo Alto Networks discovered the Installer Hijacking vulnerability that exposes half of Android users to attack via Installation Vulnerability.

The security researcher Zhi Xu from Palo Alto Networks discovered a critical vulnerability, dubbed Android Installer Hijacking, affecting the Android PackageInstaller system service. By exploiting the flaw, an attacker can gain unlimited permissions on compromised smartphone and data it manages, including user’s credentials and sensitive data.
 
Full Article
Helpful Webroot Links: Download (PC) | Download (Best Buy Subscription) | Submit Support Ticket | Account Console | User_Guides | BrightCloud URL lookup
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
Mar 25, 2015  By Tony Bradley  
 
The issue is a problem only when downloading apps from third-party repositories. Apps installed from Google Play are downloaded to a protected space within the file system. Third-party app stores, on the other hand, typically download files to unprotected storage and installed directly from there. The TOCTTOU flaw enables an attacker to modify or replace the file during installation without alerting the user.
 
The issue is mainly a concern for users that install apps from third-party app stores on older Android devices. Palo Alto Networks claims that the flaw exists in Android 2.3, 4.0.3-4.0.4, 4.1.x, and 4.2.x. Some Android 4.3 implementations have also been found vulnerable.
 
Full Article
 

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.