The Race to Exploit Android’s Vulnerabilities

Mon, 22 Jul 2013 – Kevin Wilson, Director of Public Relations

The Android operating system and the devices that run it are fast becoming a focus of attention for cybercriminals and malware. In fact, according to McAfee and Juniper Networks, the number of mobile malware apps has increased 614% in the past year to 276,259[i]. In its third annual Mobile Threats Report, Juniper says that malware aimed at the Android device has grown from 24% of all mobile malware in 2010 to 92% by March 2013[ii]. As with Windows, much of the malicious attention is driven by the growing popularity of the Android platform and the volume of people buying Android devices. According to ComScore, Android owns more than 52 percent of the worldwide market share.[iii]
Time for Protective Measures
While Gartner analysts at the June 2013 Security and Risk Management Summit indicated that threats to Android users from the plentiful vulnerabilities do not necessarily justify native anti-malware protection, they did predict that attackers would increase their focus on the Android platform.
The time to take protective measures is upon us. A major Android security hole recently discovered by Bluebox Security further increases cybercriminals’ focus on Android and possibly justifies an enterprise investment in mobile anti-malware technology sooner than anticipated.
A Serious Threat to 900 Million Devices
Bluebox Security uncovered a “vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user.”[iv] According to Bluebox, the vulnerability is applicable on every Android phone that was released in the last four years, roughly 900 million devices.
The threat to Android users is significant, allowing hackers to “exploit the vulnerability for anything from data theft to creation of a mobile botnet.” While Bluebox could not find evidence that the vulnerability has been exploited, it did suggest that the risk is even greater “when you consider applications developed by the device manufacturers” such as Samsung or Motorola, which “work in cooperation with the device manufacturer” and “are granted special elevated privileges within Android – specifically System UID access.”
“Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data).”[v]
For additional details about how the vulnerability works, visit
Protecting Android Devices from the Weakest Link
Adam Tegg, president and CEO of Wontok, stated, “Experts have predicted such vulnerabilities, and we’ve been working on addressing this, including launching SafeCentral for Android last month. Given the severity of this vulnerability, we are working with the experts to address this new issue using our deep expertise and understanding of malware.”
While Google has already published a patch and device manufacturers continue to work on repairs, cybercriminals have access to publicly available tools that will help them create the applications to capitalize on the security hole.
The threat is forcing people and industries to ask questions. For example, Credit Union Times published an article on July 15, 2013 with the headline, “Threat of the Week: Time to Disconnect Android Phones?” Commenting on the Bluebox discovery, the article states, “On its face, that says almost all Android phones are ticking time bombs and so the rumbling has started that just maybe credit unions and other financial institutions should politely but firmly advise their members to take their Androids elsewhere.
“But there is more to this story and, indeed, Android vulnerabilities are real but few security experts are urging outright bans.”[vi]
Tegg concluded, “While a ban on Android devices is unlikely and not necessary, it’s important to understand that the weakest link in the security chain is always going to be the end user. And just like Windows-based machines, it’s important that people use their Android devices safely, and that enterprises develop and enforce policies that reduce risk. Strong policies, as well as practicing safe surfing and download habits, will go a long way to prevent problems, while using SafeCentral’s SafeBrowser on a PC or an Android device will add a strong layer of protection against vulnerabilities.”