One Billion Android Devices Open To Privilege Escalation
msm1267 (2804139) writes "The first deep look into the security of the Android patch installation process, specifically its Package Management Service (PMS), has revealed a weakness that puts potentially every Android device at risk for privilege escalation attacks. Researchers from Indiana University and Microsoft published a paper that describes a new set of Android vulnerabilities they call Pileup flaws, and also introduces a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges. The vulnerability occurs in the way PMS handles updates to the myriad flavors of Android in circulation today. The researchers say PMS improperly vets apps on lower versions of Android that request OS or app privileges that may not exist on the older Android version, but are granted automatically once the system is updated.
The researchers said they found a half-dozen different Pileup flaws within Android's Package Management Service, and confirmed those vulnerabilities are present in all Android Open Source Project versions and more than 3,500 customized versions of Android developed by handset makers and carriers; more than one billion Android devices are likely impacted, they said." Handily enough, the original paper is not paywalled.
Nevertheless, I do thank MS for pointing it out! (Score:3, Interesting)
That is certainly an issue, but not the huge gaping security flaw the summary makes it sound like
A security flaw is a security flaw. Whether or not it's a "gaping hole" it still can be exploited.
For that, I sincerely thank Microsoft for so kindly pointing out that security flaw.
No matter what the ultimate intention / agenda of Microsoft is in this case, with this security flaw exposed, let us hope that Google can do something to plug it, and make those "Billion Android Devices" just a little bit safer.
Wow (Score:5, Interesting)
There are one billion Android devices? That's awesome!
Re:Nevertheless, I do thank MS for pointing it out (Score:5, Interesting)
Now let's talk about that last patch batch where IE couldn't even safely display a JPEG in any currently supported version on any version of Windows.
Re:Nevertheless, I do thank MS for pointing it out (Score:4, Interesting)
"Kindly"? Are you serious? There was nothing "kind" about it. It's anti-Android PR for Microsoft. Why the hell do you think Microsoft was involved with looking into it in the first place? The goodness of their hearts? Puh-leeeeeze.
What do you think of IE vulnerabilities found by Googlers?
http://www.google.com/about/ap... [google.com]
Re:Nope (Score:1, Interesting)
But if I install an app that asks for it on an Android 4.0 device, the app will install without any warnings. If the device is then upgraded to 4.2, the app will silently get the "Across_users" permission activated. So now we have a user-installed app which has a permission that it could never legitimately have that lets it bypass security and the sandbox, and the user will be unaware of the problem.
Mod Parent UP.
That is EXACTLY it in a nutshell. Perfectly described.
Pretty devious way for someone like the NSA (or a Prince from Nairobi) to get their hooks into your Android.
Shudder...
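The pre-upgrade condition described in the summary and in the comment above can be checked by comparing what each installed app requests against what the current and target OS versions define. This is an added example, not part of the thread and not SecUP's code; the permission tables and package names are constructed, and the full name android.permission.INTERACT_ACROSS_USERS is assumed to be the "Across_users" permission the comment refers to.

```python
# Added example: constructed data, not output from SecUP or a real device.
# Permissions each OS version defines (illustrative subset only).
OS_PERMISSIONS = {
    "4.0": {
        "android.permission.INTERNET",
        "android.permission.READ_CONTACTS",
    },
    "4.2": {
        "android.permission.INTERNET",
        "android.permission.READ_CONTACTS",
        "android.permission.INTERACT_ACROSS_USERS",  # assumed full name
    },
}

# Hypothetical inventory: package name -> permissions its manifest requests.
INSTALLED = {
    "com.example.notes": ["android.permission.INTERNET"],
    "com.example.flashlight": [
        "android.permission.INTERNET",
        "android.permission.INTERACT_ACROSS_USERS",
    ],
    "com.example.game": ["com.example.game.permission.SCORES"],
}


def audit_before_upgrade(installed, current, target, os_permissions=OS_PERMISSIONS):
    """Return {package: {"activates": [...], "undefined": [...]}} for every
    package requesting a permission the current OS version does not define."""
    defined_now = os_permissions[current]
    added_by_upgrade = os_permissions[target] - defined_now
    report = {}
    for package, requested in installed.items():
        dormant = set(requested) - defined_now  # requested, but not defined today
        if not dormant:
            continue
        report[package] = {
            # Would become a live grant once the target version defines it.
            "activates": sorted(dormant & added_by_upgrade),
            # Not defined by either version: unaffected by this upgrade.
            "undefined": sorted(dormant - added_by_upgrade),
        }
    return report


if __name__ == "__main__":
    for package, result in audit_before_upgrade(INSTALLED, "4.0", "4.2").items():
        print(package, result)
```

Packages with a non-empty "activates" list are the ones to review or remove before applying the OS update.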
Cyanogenmod Privacy Guard (Score:5, Interesting)
Using Privacy Guard, I can see that Facebook has attempted to read my contact list 94 times. These attempts were blocked.