Technology News

Apps can exploit new Android bugs to hang devices, erase data

By NDTV Correspondent | Updated: 25 March 2014 16:54 IST
Apps can exploit new Android bugs to hang devices, erase data
Advertisement
Some reports have emerged claiming that cybercriminals could exploit Android-based smartphones and tablets using bugs that cause devices to become unresponsive or unusable.

Ars Technica reports that bugs in the Android operating system can allow malicious third-party apps to send vulnerable smartphones and tablets into a series of looping crashes and could also wipe all stored data.

The first of these bugs, reported by Trend Micro, is claimed to keep the Android device (smartphone or tablet) stuck in endless reboot loop that could leave the device unresponsive or even unusable, which can be considered to be 'bricking' of the device. If the device can be hard factory reset for recovery, it would result in all data being lost.

Ars Technica also cites researcher Ibrahim Balic, who claims to have discovered a similar vulnerability in Android devices which caused memory corruption. The memory corruption bug could be triggered by a seemingly legitimate app once it is installed. If the 'appname' field of the app contained an extremely long value, in excess of 387,000 characters, the device on which is installed could go into an endless loop.

Balic said on his blog post, "I think all android versions are affected by this vulnerability." However, Balic only confirmed that Android 2.3 Gingerbread, Android 4.2.2 and Android 4.3 Jelly Bean had been tested to be affected by the bug. Interestingly, it seems that such an app could also cause the cloud scanner Google employs to check for malicious apps on the Play Store (called Bouncer) to be affected. Bouncer reportedly experiences a denial-of-service type condition when scanning a freshly uploaded app that contained the exploit. Balic said after uploading his proof-of-concept app, he received errors from Google Play, and noticed other developers weren't able to upload their apps to the store for a short period after.

Trend Micro's claimed exploit is quite similar, with the 'Activity' label the vulnerable field. The security company says if large amount of data is fed into the Activity label, it could stop system functionality, and cause the device to reboot. The company's Veo Zhang detailed the process in a blog post

Our analysis shows that the first crash is caused by the memory corruption in WindowManager, the interface that apps use to control the placement and appearance of windows on a given screen. Large amounts of data were entered into the Activity label, which is the equivalent of the window title in Windows.

If a cybercriminal builds an app containing a hidden Activity with a large label, the user will have no idea whatsoever that this exploit is in fact taking place. Cybercriminals can further conceal the exploit by setting a timed trigger event that stops the current app activity and then opens the hidden Activity. When the timed event is triggered, the exploit runs, and the system server crashes as a result. This stops all functionality of the mobile device, and the system will be forced to reboot.

An even worse case is when the malware is written to start automatically upon device startup. Doing so will trap the device in a rebooting loop, rendering it useless. In this case, only a boot loader recovery fix will work, which means that all the information (contacts, photos, files, etc.) stored inside the device will be erased.

Further, Trend Micro's analysis revealed that PackageManager and ActivityManager on an Android device, alongside the WindowManager service, are also vulnerable to a series of crashing. The blog post notes that with the installation of any malicious third-party app with such an exploit, the Android device will crash immediately without needing any special permission to run the app.

As of now, there is no word from Google on the reported bugs that are said to make the Android smartphones or tablets vulnerable to threats from malicious apps.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android, Cyber Crime, Google, Mobiles, Tablets, Trend Micro
First US counterfeit apps case sees guilty pleas
First Bitcoin derivative announced by Tera Exchange

Related Stories

Apps can exploit new Android bugs to hang devices, erase data
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. OnePlus 11R Solar Red With 8GB RAM, 128GB Storage Debuts in India: See Price
  2. Ray-Ban Meta Smart Glasses: Versatile and Practical
  3. OTT Releases This Week: Rebel Moon Part 2, Article 370 and More
  4. Itel Super Guru 4G With YouTube, UPI Support Debuts in India: See Price
  5. Xiaomi's HyperOS Is Now Coming to the Redmi Note 13 Series in India
  6. Xiaomi 14 Series May Soon Get an 'AI Treasure Chest' With Several AI Tools
  7. Lenovo Might Launch the First Laptop With Snapdragon X Elite: See Images
  8. How to Watch IPL Match for Free on Mobile and Smart TV
  9. Samsung Galaxy Z Flip 6 Reportedly Listed on Geekbench With This SoC
  10. Apple's Rumoured 12.9-Inch iPad Air May Arrive With This Display Upgrade
#Latest Stories
  1. Xiaomi 14 Series 'AI Treasure Chest' With Several AI Tools in Testing, Could Debut This Year: Report
  2. Redmi Note 13 5G Series HyperOS Update Based on Android 14 Begins Rolling Out in India
  3. YouTube Reportedly Rolling Out Support for 8K Resolution Videos on the Meta Quest
  4. Lenovo Yoga Slim 7 (2024) Design Spotted in Leaked Renders; Could Debut as First Snapdragon X Elite Laptop
  5. Samsung Galaxy Z Flip 6 With Snapdragon 8 Gen 3 SoC for Galaxy Allegedly Surfaces on Geekbench
  6. Itel S24 India Launch Teased; Confirmed to Come With 108-Megapixel Main Camera, MediaTek Helio G91 SoC
  7. BWA Lays Down Self-Regulatory Guidelines on Token Listings for Indian Crypto Exchanges
  8. Samsung Galaxy F15 5G With 8GB RAM, 128GB Storage Launched in India: Price, Offers
  9. OnePlus 11R 5G Solar Red Variant With 8GB RAM, 128GB Storage Launched in India
  10. Adobe Express Mobile App With Firefly AI Is Now Available Globally
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »