Rogue apps could exploit Android vulnerability to brick devices, researchers warn

The only way to recover from such an attack involves wiping all user data from affected devices, researchers from Trend Micro said

A vulnerability in Android that was publicly disclosed in mid-March could be exploited by malicious applications to force devices into an endless reboot loop, according to security researchers from Trend Micro.

The vulnerability was originally reported on March 16 by a user named Ibrahim Balic who described it as a memory corruption bug that forces the Android OS to crash, leading to a denial-of-service condition.

The bug can be triggered by an application that contains a name string of over 387,000 characters, Balic said at the time, adding that he tried to upload one such application to Google Play and inadvertently crashed the service, making it unavailable to other developers for hours.

Researchers from security vendor Trend Micro have since analyzed the issue in more detail from a client-side perspective and confirmed that Android versions 4.0 and above are affected.

"We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets, which include 'bricking' a device, or rendering it unusable in any way," they said Sunday in a blog post. "In this context, the device is 'bricked' as it is trapped in an endless reboot loop."

An attacker could exploit this vulnerability by tricking users into installing a maliciously crafted app that includes a large amount of data in an Activity label, the equivalent of the window title on Windows. For example, the app could include a legitimate Activity that's used by default and a hidden, malicious one that's triggered based on a timer to crash the device, the Trend Micro researchers said.

"An even worse case is when the malware is written to start automatically upon device startup," they said. "Doing so will trap the device in a rebooting loop, rendering it useless."

The only method to recover from such an attack would be to perform a factory reset from the bootloader options, but this implies deleting all user data and preferences stored on the device including contacts, photos and files, the Trend Micro researchers said.

Google did not immediately respond to a request for comment.

Even if the company detects apps that attempt to exploit this issue and prevents them from being uploaded on Google Play, which is likely after Balic's exploit in mid-March, attackers can still use other techniques to distribute malicious apps to users. This includes uploading them to third-party app stores that are popular in certain markets like China or Russia, using Windows malware to inject content into browsing sessions and advertise the rogue apps on trusted sites and using Windows malware to automatically install such apps on Android devices connected to infected computers.

In January security researchers from Symantec identified a Trojan program that tried to install mobile banking malware on Android devices connected to compromised computers by using the legitimate Android Debug Bridge (ADB) command line tool.

While investigating the risks associated with the vulnerability reported by Balic, the Trend Micro researchers identified a second flaw that can be used to crash Android's PackageManager and ActivityManager services.

When this happens, all other processes that depend upon PackageManager also crash, leaving the Android device completely unusable, the researchers said. Apps targeting this second vulnerability can't be installed through the regular Android user interface, but they can be deployed through ADB, which is used by many third-party market clients, they said.

Google has been notified about both vulnerabilities, but users should take the necessary precautions to protect their devices, the Trend Micro researchers said."It's important to treat third-party apps with a healthy dose of suspicion and skepticism as cybercriminals are always on the lookout to find and exploit every nook and cranny in Android devices."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags symantecGoogletrend microsecuritymobile securityExploits / vulnerabilitiesmalware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?