Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Rogue apps could exploit Android vulnerability to brick devices, researchers warn

Lucian Constantin | March 25, 2014
A vulnerability in Android that was publicly disclosed in mid-March could be exploited by malicious applications to force devices into an endless reboot loop, according to security researchers from Trend Micro.

In January security researchers from Symantec identified a Trojan program that tried to install mobile banking malware on Android devices connected to compromised computers by using the legitimate Android Debug Bridge (ADB) command line tool.

While investigating the risks associated with the vulnerability reported by Balic, the Trend Micro researchers identified a second flaw that can be used to crash Android's PackageManager and ActivityManager services.

When this happens, all other processes that depend upon PackageManager also crash, leaving the Android device completely unusable, the researchers said. Apps targeting this second vulnerability can't be installed through the regular Android user interface, but they can be deployed through ADB, which is used by many third-party market clients, they said.

Google has been notified about both vulnerabilities, but users should take the necessary precautions to protect their devices, the Trend Micro researchers said."It's important to treat third-party apps with a healthy dose of suspicion and skepticism as cybercriminals are always on the lookout to find and exploit every nook and cranny in Android devices."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.