Android Hole could Result in Endless Reboot

Tuesday, March 25, 2014 @ 06:03 PM gHale


An app exploiting an Android vulnerability triggers the continuous rebooting of a device.

Ibrahim Balic, the creator of the Proof-of-Concept (PoC) that exploits the vulnerability, said it can be exploited via apps that have an extremely long value (387,000+ characters) inserted into the “appname” field in strings.xml.


Trend Micro researchers said the flaw exists, explaining, “Our analysis shows that the first crash is caused by the memory corruption in WindowManager, the interface that apps use to control the placement and appearance of windows on a given screen. Large amounts of data were entered into the Activity label, which is the equivalent of the window title in Windows.”

“If a cybercriminal builds an app containing a hidden Activity with a large label, the user will have no idea whatsoever that this exploit is in fact taking place. Cybercriminals can further conceal the exploit by setting a timed trigger event that stops the current app activity and then opens the hidden Activity. When the timed event is triggered, the exploit runs, and the system server crashes as a result. This stops all functionality of the mobile device, and the system will be forced to reboot.

“An even worse case is when the malware is written to start automatically upon device startup. Doing so will trap the device in a rebooting loop, rendering it useless. In this case, only a boot loader recovery fix will work, which means that all the information (contacts, photos, files, etc.) stored inside the device will be erased.”

The flaw apparently affects mobile devices with Android OS versions 4.0 and above.
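An app-vetting check for the condition described above, as an added example that is not code from Balic or Trend Micro: it resolves each application and Activity label in a decoded AndroidManifest.xml against strings.xml, flags oversized values, and reports whether the app also registers to start at boot. The 10,000-character threshold, the function names and the sample app are assumptions, and the inputs are assumed to be already decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
MAX_LABEL_CHARS = 10_000  # assumed review threshold, not an Android-defined limit
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

def scan_labels(manifest_xml, strings_xml, max_len=MAX_LABEL_CHARS):
    """Return one finding per application/activity label longer than max_len."""
    strings = {s.get("name"): "".join(s.itertext())
               for s in ET.fromstring(strings_xml).iter("string")}
    findings = []
    for elem in ET.fromstring(manifest_xml).iter():
        if elem.tag not in ("application", "activity", "activity-alias"):
            continue
        raw = elem.get(ANDROID_NS + "label")
        if raw is None:
            continue
        # Labels are either literals or "@string/<name>" references into strings.xml.
        ref = raw[len("@string/"):] if raw.startswith("@string/") else None
        value = strings.get(ref, "") if ref else raw
        if len(value) > max_len:
            findings.append({"component": elem.get(ANDROID_NS + "name", elem.tag),
                             "label_ref": raw, "length": len(value)})
    return findings

def starts_at_boot(manifest_xml):
    """True if any intent filter in the manifest listens for BOOT_COMPLETED."""
    return any(a.get(ANDROID_NS + "name") == BOOT_ACTION
               for a in ET.fromstring(manifest_xml).iter("action"))

# Constructed sample input (hypothetical app, not taken from a real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <application android:label="@string/appname">
    <activity android:name=".MainActivity" android:label="Main"/>
    <activity android:name=".HiddenActivity" android:label="@string/appname"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_STRINGS = '<resources><string name="appname">%s</string></resources>' % ("A" * 387_000)

if __name__ == "__main__":
    for finding in scan_labels(SAMPLE_MANIFEST, SAMPLE_STRINGS):
        print("oversized label:", finding)
    print("starts at boot:", starts_at_boot(SAMPLE_MANIFEST))
```

An oversized label combined with a boot-time receiver matches the reboot-loop case the researchers describe and is worth escalating ahead of an oversized label alone.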


