Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

TowelRoot Vulnerability Could Lead to Attacks on Android Devices: Researcher

Researchers at Lacoon Mobile Security are warning that a Linux vulnerability exploited by a tool to root Google Android phones could also be used by attackers. 

Researchers at Lacoon Mobile Security are warning that a Linux vulnerability exploited by a tool to root Google Android phones could also be used by attackers. 

The vulnerability, CVE-2014-3153, affects version 3.14.5 of the Linux kernel and resides in the futex subsystem. It has been dubbed TowelRoot by Lacoon, in reference to a recently released tool designed to help users root their Android phones. 

According to Ohad Bobrov, vice president of research and development with Lacoon Mobile Security, TowelRoot affects Android 4.4 mobile devices and is extremely prevalent on the Android-based devices on the market, including in the Samsung Galaxy S5.

“This security vulnerability, when exploited, can allow any app to escalate it’s privileges to root (administrator) privileges,” blogged Bobrov. “This would allow an attacker to bypass the Android security model and run malicious code under administrator privileges; retrieve various files and sensitive information from the device; bypass enterprise data protection applications including secure containers, wrappers and hardened apps; [and] insert a persistent backdoor on the device to be later used for further attack activities.”

The TowelRoot tool was released a few days ago on the Internet. It uses the vulnerability to root many of the mobile devices in the market, such as the LG G Flex and the Samsung Galaxy Note 3. The app was developed by white hat hacker George Hotz, aka ‘Geohot’, who is also known for having hacked Apple iOS devices. 

“This tool is being widely publicized and is easily available for use without the need for technical know-how,” Bobrov blogged. “Right now this vulnerability is only used by the rooting tool and has yet to show up in any malicious sample. Learning from the past, we can assume that it is only a matter of time until exploits for this vulnerability are distributed through other channels.”

To mitigate the threat, he suggested organizations take a number of steps, such as only installing applications from reputable sources to limit the likelihood of downloading a malicious application that takes advantage of the vulnerability. In addition, he suggested users do not open suspicious or unknown links sent to to the device, and do not root it.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.