Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

TowelRoot Vulnerability Could Lead to Attacks on Android Devices: Researcher

Researchers at Lacoon Mobile Security are warning that a Linux vulnerability exploited by a tool to root Google Android phones could also be used by attackers. 

Researchers at Lacoon Mobile Security are warning that a Linux vulnerability exploited by a tool to root Google Android phones could also be used by attackers. 

The vulnerability, CVE-2014-3153, affects version 3.14.5 of the Linux kernel and resides in the futex subsystem. It has been dubbed TowelRoot by Lacoon, in reference to a recently released tool designed to help users root their Android phones. 

According to Ohad Bobrov, vice president of research and development with Lacoon Mobile Security, TowelRoot affects Android 4.4 mobile devices and is extremely prevalent on the Android-based devices on the market, including in the Samsung Galaxy S5.

“This security vulnerability, when exploited, can allow any app to escalate it’s privileges to root (administrator) privileges,” blogged Bobrov. “This would allow an attacker to bypass the Android security model and run malicious code under administrator privileges; retrieve various files and sensitive information from the device; bypass enterprise data protection applications including secure containers, wrappers and hardened apps; [and] insert a persistent backdoor on the device to be later used for further attack activities.”

The TowelRoot tool was released a few days ago on the Internet. It uses the vulnerability to root many of the mobile devices in the market, such as the LG G Flex and the Samsung Galaxy Note 3. The app was developed by white hat hacker George Hotz, aka ‘Geohot’, who is also known for having hacked Apple iOS devices. 

“This tool is being widely publicized and is easily available for use without the need for technical know-how,” Bobrov blogged. “Right now this vulnerability is only used by the rooting tool and has yet to show up in any malicious sample. Learning from the past, we can assume that it is only a matter of time until exploits for this vulnerability are distributed through other channels.”

To mitigate the threat, he suggested organizations take a number of steps, such as only installing applications from reputable sources to limit the likelihood of downloading a malicious application that takes advantage of the vulnerability. In addition, he suggested users do not open suspicious or unknown links sent to to the device, and do not root it.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.