Firmware that actively tries to hide itself allows attackers to install apps as root.
Dan Goodin (US) - 18/11/2016
Almost three million Android phones are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday
Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the failure of the buggy firmware to encrypt communications sent to a server located in China makes code-execution attacks possible when phones don't use virtual private networking software when connecting to public hotspots and other unsecured networks.
Full Article
