
Nearly All Android Devices Vulnerable to Rooting Attack

Source: Tom's Guide US

A flaw in the Android operating system may leave many Android phones and tablets vulnerable to attack, including the Samsung Galaxy S5 and Google's own Nexus 5. It's the same flaw that was recently discovered in the Linux kernel, on which Android is based — and a just-released Android "rooting" tool that uses the flaw could make the problem even worse.

Exploiting the flaw on an Android device yields root permissions, or total control of the system. That's not itself malicious, but the exploit could also let attackers remotely download malware, copy the device owner's files and other personal data, disable the device's security apps and create a backdoor for more attacks, according to San Francisco-based security firm Lacoon Mobile Security.


The Linux kernel flaw, designated CVE-2014-3153 by the information-security community, was discovered June 7 by a pseudonymous teenage hacker called Pinkie Pie. Four days later, phone hacker George Hotz, who at age 17 became the first to "unlock" an iPhone, released an Android rooting tool called TowelRoot that uses the kernel flaw. 

Hotz has made his tool available for download at TowelRoot.com, and said there that the tool should work on all versions of Android made before June 3. (In a mobile developers' forum, Hotz admitted some Motorola and HTC phones seem to be immune.) In a Lacoon company blog post Monday (June 16), Lacoon vice president Ohad Bobrov warned that the bug used in TowelRoot could also be used for purposes far more nefarious than rooting one's own phone.

The Linux kernel bug affects all Linux kernels up to 3.14.5 and is present in Android 4.4 KitKat and earlier, which means most commercial Android phones are affected. To exploit the bug, attackers would need to trick device owners into installing a specially crafted malicious app of the sort commonly found in "off-road" Android app markets.

To protect against this, users should only install Android applications from the Google Play Store and make sure their devices cannot accept software from "unknown sources." A good Android security app might also be able to detect this exploit code in downloaded software.

Samsung's compartmentalization feature Samsung Knox cannot stop apps with this exploit from installing, though Knox will issue an alert, Lacoon CEO Michael Shaulov told security blog Threatpost.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

9 Comments
  • 0
    dextermat , June 18, 2014 12:06 PM
    Trumpet sound anyone?
  • -2
    dstarr3 , June 18, 2014 12:49 PM
    So, basically, this article is telling us that rooting is dangerous? More common sense than news.
  • -3
    coolitic , June 18, 2014 1:20 PM
    2 articles by 2 captain obvious' in a row.

    The poor quality of tomshardware articles continues to amaze me.
  • 2
    jakjawagon , June 18, 2014 3:02 PM
    Quote:
    To protect against this, users should only install Android applications from the Google Play Store and make sure their devices cannot accept software from "unknown sources."


    There are legit Android app stores other than Google Play. Amazon and Humble Bundle for example. Android users should just use the same precautions as if they were installing software on a Windows PC. Only install software from trusted sources, yes, but Google Play is far from the only trusted source.
  • 0
    okibrian , June 18, 2014 4:33 PM
    Quote:
    So, basically, this article is telling us that rooting is dangerous? More common sense than news.

    They are saying malicious code could easily be embedded into software to exploit this vulnerability. That is why they are telling you to only download apps from approved app stores. You will reduce your risk that way, but the exploit still exists.
  • 0
    okibrian , June 18, 2014 5:26 PM
    And here's another log to add onto the fire:
    http://www.cnet.com/news/thousands-of-secret-keys-found-in-android-apps/
  • 0
    WINTERLORD , June 19, 2014 2:20 AM
    Great, do you think there will be an update to fix this? Or would you need to wait till a new Android version and buy a new device?
  • 2
    house70 , June 19, 2014 4:39 AM
    Any OS can be exploited. Just like iOS is jailbroken, Android can be rooted, etc. The exploit per se is not dangerous, just some applications; the same old common sense when deciding to allow an app to install still applies.

    It's amazing how every single article like this ends with the same conclusion: leave your default phone settings alone if you don't know exactly what you're doing, yet people still react as if the end of the mobile world is coming. The apocalyptic tone of the title doesn't help.
  • -2
    sunflier , June 19, 2014 11:07 AM
    I don't believe this nonsense. My Galaxy S5 is just fi