Many Android Users Susceptible To Plug-In Exploit -- And Many Of Them Have It
Ars Technica reports that a recently reported remote access vulnerability in Android is no longer just theoretical, but is being actively exploited. After more than 100,000 downloads of a scanning app from Check Point to evaluate users' risk from the attack, says Ars, "In a blog post published today, Check Point researchers share a summary of that data—a majority (about 58 percent) of the Android devices scanned were vulnerable to the bug, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices already carrying the vulnerable plug-in was LG—over 72 percent of LG devices scanned in the anonymized pool had a vulnerable version of the plug-in."
Nope... (Score:2)
Re: (Score:2)
Re: (Score:3)
No, it's true for people who don't care about security.
Which appears to make up a majority of users.
The first thing I ever do when I get a new phone or tablet is wipe it and install a custom Android firmware sans-manufacturer's and Google's garbage software.
The necessity of this convoluted process - where it is even an option - is probably the reason the statistics show the majority are vulnerable.
I know I'm shocked (Score:2)
I know I'm shocked...how about you? Is this shocking tech news or what??
Re: I know I'm shocked (Score:1)
OMG - Mine is INFECTED! (Score:5, Funny)
I just realized that my LG G3 has the exploit vulnerability - and I'm freaking out because I know that it has been exploited!!!
Oh, wait...I put that on there so I could root my device.
Nevermind.
Re: (Score:2)
Re: (Score:1)
Re: (Score:3)
story fails to answer important questions (Score:2)
1. Am I affected?
2. What is the fix?
Re: (Score:3, Funny)
> What is the fix?
Buy an iPhone?
Re: (Score:1)
> > What is the fix?
> Buy an iPhone?
H, that won't stop third parties accessing your data.
Re: (Score:2)
> H, that won't stop third parties accessing your data.
But, if it comes with buggy crapware preinstalled by the manufacturer, you at least have some chance of getting a fix.
Re: (Score:1, Funny)
> > H, that won't stop third parties accessing your data.
> But, if it comes with buggy crapware preinstalled by the manufacturer, you at least have some chance of getting a fix.
Really? I can disable preinstalled crap on my Android phone, I can choose what to run and what not to, can you or are you limited to what your phone's manufacturer allows you to?
Re: (Score:3, Informative)
> Really? I can disable preinstalled crap on my Android phone, I can choose what to run and what not to, can you or are you limited to what your phone's manufacturer allows you to?
Pretty much any non-Google Android phone has crapware you can't get rid of, and it's been the source of many of the horrible security problems of recent months. Samsung's keyboard app, for example, which downloads unsigned files to anywhere on the device.
Re: (Score:1)
> > Really? I can disable preinstalled crap on my Android phone, I can choose what to run and what not to, can you or are you limited to what your phone's manufacturer allows you to?
> Pretty much any non-Google Android phone has crapware you can't get rid of, and it's been the source of many of the horrible security problems of recent months. Samsung's keyboard app, for example, which downloads unsigned files to anywhere on the device.
You're wrong, I can disable pre-installed crap. Is it Android's fault that Samsung modifies the system? I'm really not interested in what you or pretty much anybody thinks it's best, is up to everyone to choose which one they prefer. I was a Samsung user, and I'm pretty sure that it'd be a long time before I spend money on another of their products, that being said, I'll never buy an Apple product, they're not better, they don't have more features and they are waaaay more expensive than any of their alte
Re: (Score:2, Interesting)
> You're wrong, I can disable pre-installed crap. Is it Android's fault that Samsung modifies the system?
Uh, I'm right. Just because you can disable preinstalled crap on your magic not-Google-but-not-locked-down Android phone, doesn't mean that most Android users can.
Again, I was pointing out that, if you buy an iPhone, the only preinstalled crap comes from Apple, and they can quickly ship a fix. If you buy Android, the preinstalled crap comes from Xonaxzuing Enterprises, Inc, and... you'll never get a fix.
Re: (Score:1, Funny)
> > You're wrong, I can disable pre-installed crap. Is it Android's fault that Samsung modifies the system?
> Uh, I'm right. Just because you can disable preinstalled crap on your magic not-Google-but-not-locked-down Android phone, doesn't mean that most Android users can.
> Again, I was pointing out that, if you buy an iPhone, the only preinstalled crap comes from Apple, and they can quickly ship a fix. If you buy Android, the preinstalled crap comes from Xonaxzuing Enterprises, Inc, and... you'll never get a fix.
No you're not, I did it on my previous SAMSUNG Galaxy S3 and on my new Motorola X, so, you're wrong. If you don't know how to do it, doesn't mean that it isn't true. Since I did it, SEVERAL times, you're wrong, and my phones were not rooted nor modified in any way. You'll get a fix IF Apple decided to provide one, your assumption that Apple will do it because it's Apple and that any Android phone won't because it's Google is meaningless and shows that you don't know what you're talking about.
Re: (Score:1)
I'll give both of you a dollar to shut up.
Re: (Score:1)
To be "that guy".
Any Android user on any build from any manufacturer has the ability to disable built in bloatware. Yes, it takes extra steps that novices won't know, to actually REMOVE them, but any Android user can, and usually does, disable them.
That's not the point. And it's not the point that Apple crapware only comes from Apple, no one gives a shit about your iPhone. No one but you.
The issue here is this plugin is getting system level access, this is something a non-rooted user is NOT supposed to be able to do. Yes, in this case, you need a bad version of TeamViewer, but some ROMs have this baked in. The issue is, if this "undocumented feature" can allow this application to gain system level access, what other apps can exploit this?
Is the "plugin" installed as root by manufacturers/carriers or is it actually a vulnerability on Android that allows it to access system privilege level?
Re: (Score:2)
> You're wrong, I can disable pre-installed crap. Is it Android's fault that Samsung modifies the system?
Is whose fault it is supposed to make some difference?
It is exactly what it is.
Re: (Score:2)
> Is whose fault it is supposed to make some difference?
Yes of course it is! I bought an Android device and my choice created an emotional investment in the platform.
Someone steals my shit, I don't care exactly who. I just know my shit's been stolen. Must be the difference between myself and the normal person. Although I've liked Apple products best for years, I have all manner of computing tools, from my iPhone and iMac, on which I run bootcamp and W7, a sacrificial Windows 10 box, to a number of Linux computers and even a ChromeOS laptop. I even have an old touchpad that I rooted to run Android with Cyanogen.
But I avoid emotional attachments with my electroni
Re:story fails to answer important questions (Score:5, Informative)
It doesn't bother to mention that the plugin in question is Team Viewer, which apparently comes pre-installed on some phones.
corporate sales (Score:3)
"infinitesimal percentage of devices". For remote (Score:4, Insightful)
The article states it "discovered installed on an infinitesimal percentage of devices". These are devices with TeamViewer installed, an application DESIGNED to allow someone to remotely control your device over the network.
If you install TeamViewer on Windows, people can take over your machine over the internet. If you install TeamViewer on Mac, people can take over your machine over the internet. That's what it's designed for. Therefore, from a security perspective TeamViewer is a very bad idea.
It's no surprise that an application designed to give someone else full control of your machine is imperfect, and therefore can sometimes allow full access by someone who shouldn't have access.
Re: (Score:3)
> If you install TeamViewer on Mac, people can take over your machine over the internet. That's what it's designed for. Therefore, from a security perspective TeamViewer is a very bad idea.
> It's no surprise that an application designed to give someone else full control of your machine is imperfect, and therefore can sometimes allow full access by someone who shouldn't have access.
Wee difference there. On Android, nobody is supposed to get full control of the system. If someone is using TeamViewer to control it, they should not need more permissions than the local user has. After all, it's a screen sharing app. The remote user can only do what the local user can do.
It seems like the app has additional permissions to do things that normally wouldn't be possible (screen capture is what the article mentions), but somehow these extra permissions are made available to one of the users. Th
bug yes, and local access is full access (Score:3)
> If someone is using TeamViewer to control it, they should not need more permissions than the local user has. After all, it's a screen sharing app. The remote user can only do what the local user can do.
The local user can root the device and can replace operating system files. As expected (but not exactly as designed), TeamViewer can be used to get quite a bit of access.
The design is that the local user has some limits, or at least that it's _inconvenient_ for the local user to do certain things, inc
Re: (Score:2)
I don't believe you've understood Android's security model (though I'm not an expert myself). The local user cannot do those things, and the user does not have ultimate permission. Unless there is an exploit on the device. There have been plenty of devices that were un-rootable. My HTC One M7 was un-rootable (probably still is), unless you use HTC tools to perform operations on the device when it is not booted into Android. There was literally no way for the OS's local user to gain escalated permissions. If
your HTC One M7 was rooted within two months (Score:3)
The M7 was released in March 2013. By May 2013, there were YouTube videos showing how to root it.
http://www.xda-developers.com/... [xda-developers.com]
"Unless you use HTC tools", what kind of criterion is that? If HTC provides a tool to root the phone, why wouldn't you use it? You _could_ write your own tool that does the same thing as the HTC tool, but why bother? With your M7, like all other devices, local access is in fact full access. (Btw I do this stuff for a living.)
My claim is that if you install Team Viewer, you
Re: (Score:2)
I was referring to the firmware it had when I bought it. *My* M7 was unrootable from within the OS. Those HTC tools don't operate within the Android OS, so that's why they get a pass in my book. This tool isn't launched from the phone, but from a computer, and it can only connect when the phone is in a hardware debugging mode (no apps, no configurability, not even a touchscreen interface).
I think I see our disagreement. If you consider playing with chips to be part of local access, then indeed local access
"should", "supposed to" vs "unsurprising" (Score:2)
I think our apparent "disagreement", might stem from talking about different things. You seem to be talking about how things _should_ work, how it would be if people were perfect, their designs were perfect, and their implementation was perfect. I hear you saying "this shouldn't be, it's an error".
I agree it's an error. I _expect_ errors. I've looked at a lot of code over the last 20 years, thousands of examples written by thousands of different programmers. I can count the bug-free instances on one hand.
This is what happens (Score:1)
When you DON'T make the user able to administrate the machine, s/he cannot secure it because of insufficient rights.
The carriers of course DON'T care because more bandwidth being fraudulently used by malware equals MORE MONEY.
The same problem exists with tablets.
And yes, I know there is a way to root the devices but this is not within the reach of even the most technical users.
Re: (Score:2)
That is so cool (Score:5, Insightful)
> Check Point researchers found an app that is actively exploiting the vulnerability. A tool called “Recordable Activator” from UK-based Invisibility Ltd is advertised as an “EASY screen recorder” that doesn’t require root access to the device. But in fact once installed from the Google Play store, the app downloads a vulnerable version of the TeamViewer plug-in from another source... “it’s [the plug-in] considered trusted by Android, and is granted system-level permissions. From this point ‘Recordable Activator’ exploits the authentication vulnerability and connects with the plug-in to record the device screen.”
Am I the only one that thinks this is incredibly cool? It's not clear to me whether this is exactly the same thing as a root exploit, but some screen recording app developers figured out they could hijack an old version of a well-known app that can do screen recording. This is just a beautiful hack.
But I didn't think having system-level permissions was enough to root a device. And furthermore, does this hack let you do arbitrary actions, or only the actions that the plugin would do?
Re: (Score:2)
> > ...But I didn't think having system-level permissions was enough to root a device....
> It is, I don't know if you're familiar with what "rooting the device" actually means, but it's putting the su binary into /system/, that's it.
True, but system-level permission isn't sufficient to allow you to remount the /system partition as read-write and install su. You need to find a privilege escalation attack that allows you to obtain root first. However, once you have system-level permission you have access to an enormous attack surface for priv escalation attacks. Odds are you can find a way to do it.
Also, even without rooting an attacker with system-level privileges has enormous power to get the data from your device.
Re: (Score:2)
> It is, I don't know if you're familiar with what "rooting the device" actually means, but it's putting the su binary into /system/, that's it.
> Once su is in the proper directory, other applications can use su somecommand, this is what "root access" is on Android, nothing more.
That's one definition. Opening a root shell (regardless of the state of /system and su) is another. I've seen this called "temproot".
I'm familiar with rooting, but not with exactly what system-level permissions entails. And whether system permissions imply root-ability or not, I agree with you that it's dangerous.
But here's another question, if you know more about this than me: Once /bin/su is installed, and the user launches a "SU" app, how does the SU app prevent other apps from accessing /bin/su? Does it
FWIW (Score:2)
the check point scanner page (not the app itself, that would be silly to link to in this context) is https://play.google.com/store/... [google.com]
Check Point = Mossad (Score:2, Insightful)
Re: (Score:1)
It isn't Mossad. This rumor doesn't make sense since it is the job of signal intelligence to analyze foreign data and that work falls onto Unit 8200 of the IDF, which is equivalent to the NSA in the United States. Well, the founders of Check Point came from 8200. Since service in the IDF is mandatory through conscription, all Israeli technology companies have connections back to IDF and most security related firms were founded by former 8200 members.
Re: (Score:1)
You're kidding, right?
Exchange Connector (Score:2)
If you are using the Exchange Connector for gmail, your phone is already chowned. Why hasn't google suspended that component?
Reported remote access vulnerability in Android? (Score:2)
Download and install a compromised app from the Google Play store - doh !
Revocation (Score:2)