Researchers at FireEye have identified a vulnerability affecting Google Android that could be exploited to lead users to malicious sites.
According to FireEye, the issue allows a malicious app with ‘normal’ protection level permissions to target legitimate icons on the Android home screen and modify them to point to attack sites or the malicious app itself without notifying the user. The issue has been acknowledged by Google, which has released a patch to its OEM partners, the security researchers blogged.
Though the researchers called this an important security improvement, they noted an attacker can still manipulate Android home screen icons using two normal permissions – ‘com.android.launcher.permission.READ_SETTINGS’ and ‘com.android.launcher.permission.WRITE_SETTINGS.’
According to the researchers, these two permissions enable an app to query, insert, delete or modify the configuration settings of the Launcher. However, these two permissions have been labeled as ‘normal’ since Android 1.x.
“As a proof of concept attack scenario, a malicious app with these two permissions can query/insert/alter the system icon settings and modify legitimate icons of some security-sensitive apps, such as banking apps, to a phishing website,” the researchers explained. “We tested and confirmed this attack on a Nexus 7 device with Android 4.4.2…Google Play doesn’t prevent this app from being published and there’s no warning when a user downloads and installs it.”
“Lastly, this vulnerability is not limited to Android devices running AOSP,” the researchers continued. “We have also examined devices that use non-AOSP Launchers, including Nexus 7 with CyanogenMod 4.4.2, Samsung Galaxy S4 with Android 4.3 and HTC One with Android 4.4.2. All of them have the protection levels of com.android.launcher.permission.READ_SETTINGS and WRITE_SETTINGS as “normal”.”
Just recently, Google announced extra protection for Android that will continuously scan devices to make sure applications are not performing malicious actions after installation.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
