Android vulnerability allows malicious apps to completely take over the device
A vulnerability in all Android versions from 4.3 to M Preview 1 allows attackers to gain complete control over a device through a fake app that requests no special permissions. Google patched the vulnerability before it was disclosed.
IBM Security Intelligence states that the vulnerability affected 55 percent of Android installations. The attack works because of a flaw in the OpenSSLX509Certificate class. It allows a malicious app to gain additional system permissions, eliminating the need to ask for special permissions in the Google Play Store. The researchers tried the exploit on a Nexus 5 running Android 5.1.1.
Once the app has obtained these privileges, attackers can, for example, replace an existing application with a counterfeit version, which can then send login details to the attackers. Other than the reboot, the user notices nothing of the exploit at work. The IBM team will present the exploit at USENIX WOOT '15 in Washington next week. The paper they wrote about it is readily available.
Google has already fixed the vulnerability with patched versions of Android 4.4, 5.0, 5.1 and M. Google Play Services has also received an update to help close the hole.