Sunday, July 14, 2013

Technology News : Linux bug - Comes to Android

Android users have been warned that a recently-discovered Linux bug has been modified to work on Android smartphones and tablets.

Perhaps not the easiest threat to remember, CVE-2013-2094 is a vulnerability that allows criminals to escalate privileges to a point where they can, effectively, achieve complete control of a device.

The threat exists on the Android platform because Android was developed using Linux, so many Linux vulnerabilities could potentially be exploited on Android.

The Linux vulnerability originally affected systems running the 2.6 version of the Linux kernel. In Android, Jelly Bean (version 4.2) uses version 3.0 of the Linux kernel, although previous versions were built upon 2.6. This doesn't explicitly mean that Jelly Bean devices aren't at risk, but it does mean that tablets or smartphones using older versions of Android are more likely to be at risk.

Unfortunately, for devices using older versions, any threat has little chance of going away without an update to resolve the issue. That's a problem if a device is continually out of date, but even more so if hardware receives no support or OS updates after release.

As for the exploit itself, the Symantec Connect Blog explains the seriousness of privilege escalation software: "Privilege escalation exploits are particularly dangerous as they can allow cybercriminals to gain complete control over the compromised device. The Android operating system normally sandboxes every application so they cannot perform sensitive system operations or interfere with other installed applications".

Adding to that and highlighting potential issues users might face, the blog states, "In the past, we have seen malware use privilege escalation exploits to access data from other applications, prevent uninstall, hide themselves, and also bypass the Android permissions model to enable behaviours such as sending premium SMS messages without user authorization."

Android users should take steps to prevent malware that uses the CVE-2013-2094 vulnerability – or any other exploit – from gaining access to their devices. To protect yourself and reduce the risk to your Android smartphone or tablet you can do the following…

  • Ensure your Android smartphone or tablet has the latest version of Android installed (if available)
  • Restrict app installs to those from Google's Play Store
  • Protect your device with Norton Mobile Security, ensuring the latest update is loaded.

Together, these three precautions will ensure that you minimise the risk as much as possible, while having help on hand to remove any malware which seeks to give itself free rein.

Read More: http://www.mobilesecurity.com/articles/551-linux-exploit-comes-to-android
