UPDATED 13:14 EDT / AUGUST 10 2015

IBM discovers another critical Android flaw that lets hackers replace real apps with malware

IBM Corp. has not waited for the shock from the recent discovery of a vulnerability affecting 95 percent of Android phones to wear off before dropping another security bombshell that is bound to raise even more alarm over the safety of the world’s most popular mobile platform. Its researchers have discovered a second exploit deep within the operating system that holds the same potential for harm.

The flaw, known by its technical designation of CVE-2015-3825, shares the passive susceptibility to attack that makes Stagefright, as its fellow bug is known, so dangerous. The main difference is that the mode of exploitation is not a text message but rather a piece of malicious code disguised as a legitimate application. It’s a tried-and-tested approach with one important twist.

Malware developed to exploit the vulnerability (IBM has not yet seen any examples beyond its own proof of concept) wouldn’t execute an attack on its own but would instead subvert other apps on the victim’s device through the internal communications mechanism in Android. Its friendly facade would hide the malicious process sending out infected messages in the background.

That means the user doesn’t need to grant any special permission for the app to spread its malicious payload, and likely won’t notice anything out of the ordinary either if the hacker covers their tracks well enough. The targeted app receives a file with objects of the vulnerable OpenSSLX509Certificate class that loosen the access restrictions on the memory space where its bits are stored, allowing that memory to be overwritten.

That enables the hacker to replace a legitimate application with a lookalike designed to trick the user into willingly giving away their personal data. In their presentation, IBM’s researchers showed how the vulnerability can be used to create a replica of the official Facebook app to steal social networking login credentials, pointing out that the clone can also access whatever unencrypted local information was available to the real client it replaced.

It’s a severe flaw that affects many applications on versions 4.3 and above of Android, but there is some good news: IBM notified Google’s security team of the flaw well in advance of its presentation, and a patch has since been issued. That means users are out of the woods, assuming they’ve been updating their devices, something that organizations will no doubt double-check with their employees in the wake of the past week’s security discoveries.

Photo via andrekheren
