Connect with us

Hi, what are you looking for?



Google’s Android Team Finds Serious Flaw in Honeywell Devices

Members of Google’s Android team discovered that some of Honeywell’s Android-based handheld computers are affected by a high severity privilege escalation vulnerability. The vendor has released software updates that should address the flaw.

Members of Google’s Android team discovered that some of Honeywell’s Android-based handheld computers are affected by a high severity privilege escalation vulnerability. The vendor has released software updates that should address the flaw.

Honeywell’s handheld computers are advertised as devices that combine the advantages provided by consumer PDAs with high-end industrial mobile computers. These rugged devices run Android or Windows operating systems and they provide a wide range of useful functions and connectivity features, including Wi-Fi, Bluetooth and compatibility with Cisco products. The devices are used worldwide in the commercial facilities, critical manufacturing, energy and healthcare sectors.Honeywell handheld computers affected by vulnerability

According to ICS-CERT, the vulnerability found by Google employees affects 17 handheld computers from Honeywell, including CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series devices running various versions of Android, from 4.4 through 8.1.

If a malicious application makes its way onto an affected device, it can allow its creators to elevate privileges on the system and gain unauthorized access to sensitive information, including keystrokes, passwords, photos, emails, and business-critical documents.

“A skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges,” ICS-CERT said in its advisory.

Register for SecurityWeek’s 2018 ICS Cyber Security Conference

The flaw is tracked as CVE-2018-14825 and it has been assigned a CVSS score of 7.6, which makes it “high severity.” The national CERTs of several countries have published advisories to warn organizations about the vulnerability.

While the security hole has been found by Google’s Android team, Honeywell told SecurityWeek that the issue is specific to its products and it does not impact Android in general.

Advertisement. Scroll to continue reading.

“Honeywell has identified a potential vulnerability on select versions of our rugged mobile computers and issued a software patch to update these devices.” Eric Krantz, a Honeywell spokesperson, said via email.

ICS-CERT provides a complete list of impacted devices and Android versions, along with the software releases containing a patch. In addition to applying the fixes, Honeywell has advised customers to whitelist trusted applications in an effort to limit the risk of malicious apps getting on devices.

Related: Several Flaws Patched in Honeywell Controllers

Related: Honeywell SMX Protects Industrial Sites From USB Threats

Related: Honeywell to Open Industrial Cyber Security Center Singapore

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.