Researchers at Lacoon Mobile Security are warning that a Linux vulnerability exploited by a tool to root Google Android phones could also be used by attackers.
The vulnerability, CVE-2014-3153, affects version 3.14.5 of the Linux kernel and resides in the futex subsystem. It has been dubbed TowelRoot by Lacoon, in reference to a recently released tool designed to help users root their Android phones.
According to Ohad Bobrov, vice president of research and development with Lacoon Mobile Security, TowelRoot affects Android 4.4 mobile devices and is extremely prevalent on the Android-based devices on the market, including in the Samsung Galaxy S5.
“This security vulnerability, when exploited, can allow any app to escalate it’s privileges to root (administrator) privileges,” blogged Bobrov. “This would allow an attacker to bypass the Android security model and run malicious code under administrator privileges; retrieve various files and sensitive information from the device; bypass enterprise data protection applications including secure containers, wrappers and hardened apps; [and] insert a persistent backdoor on the device to be later used for further attack activities.”
The TowelRoot tool was released a few days ago on the Internet. It uses the vulnerability to root many of the mobile devices in the market, such as the LG G Flex and the Samsung Galaxy Note 3. The app was developed by white hat hacker George Hotz, aka ‘Geohot’, who is also known for having hacked Apple iOS devices.
“This tool is being widely publicized and is easily available for use without the need for technical know-how,” Bobrov blogged. “Right now this vulnerability is only used by the rooting tool and has yet to show up in any malicious sample. Learning from the past, we can assume that it is only a matter of time until exploits for this vulnerability are distributed through other channels.”
To mitigate the threat, he suggested organizations take a number of steps, such as only installing applications from reputable sources to limit the likelihood of downloading a malicious application that takes advantage of the vulnerability. In addition, he suggested users do not open suspicious or unknown links sent to to the device, and do not root it.
