Researchers at Lacoon Mobile Security are warning that a Linux vulnerability exploited by a tool to root Google Android phones could also be used by attackers.
The vulnerability, CVE-2014-3153, affects version 3.14.5 of the Linux kernel and resides in the futex subsystem. It has been dubbed TowelRoot by Lacoon, in reference to a recently released tool designed to help users root their Android phones.
According to Ohad Bobrov, vice president of research and development with Lacoon Mobile Security, TowelRoot affects Android 4.4 mobile devices and is extremely prevalent on the Android-based devices on the market, including in the Samsung Galaxy S5.
“This security vulnerability, when exploited, can allow any app to escalate it’s privileges to root (administrator) privileges,” blogged Bobrov. “This would allow an attacker to bypass the Android security model and run malicious code under administrator privileges; retrieve various files and sensitive information from the device; bypass enterprise data protection applications including secure containers, wrappers and hardened apps; [and] insert a persistent backdoor on the device to be later used for further attack activities.”
The TowelRoot tool was released a few days ago on the Internet. It uses the vulnerability to root many of the mobile devices in the market, such as the LG G Flex and the Samsung Galaxy Note 3. The app was developed by white hat hacker George Hotz, aka ‘Geohot’, who is also known for having hacked Apple iOS devices.
“This tool is being widely publicized and is easily available for use without the need for technical know-how,” Bobrov blogged. “Right now this vulnerability is only used by the rooting tool and has yet to show up in any malicious sample. Learning from the past, we can assume that it is only a matter of time until exploits for this vulnerability are distributed through other channels.”
To mitigate the threat, he suggested organizations take a number of steps, such as only installing applications from reputable sources to limit the likelihood of downloading a malicious application that takes advantage of the vulnerability. In addition, he suggested users do not open suspicious or unknown links sent to to the device, and do not root it.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
