Dangerous Rooting Flaws Fixed in Android

Posted on April 21, 2016 by Vladimir Ghilien

A new batch of security flaws in Android has been fixed by Google. These vulnerabilities could let attackers take over devices through malicious apps or remotely.

Google released over-the-air Nexus firmware updates and the corresponding Android Open Source Project (AOSP) patches early in January. Manufacturers partnering with the company received the fixes in advance, at the beginning of December, so they could release updates on their own schedules.

These new patches address six critical, two high, and five moderate-severity flaws. The gravest vulnerability is located in Android's mediaserver component, a core part of the OS that handles media playback along with parsing of the corresponding file metadata.


Exploitation of this vulnerability allows attackers to execute arbitrary code with the privileges of the mediaserver process, which are not granted to regular third-party apps. The flaw is especially dangerous because it can be exploited remotely, by tricking users into opening specially crafted media files in their web browsers or by sending such files via MMS.

Google has been busy locating and patching Android vulnerabilities related to media files since July, when a critical media parsing library flaw known as Stagefright resulted in a large coordinated patching effort by manufacturers of Android devices and prompted Samsung, LG, and Google to introduce monthly security updates.

The stream of media processing flaws appears to have slowed recently. The remaining five critical flaws patched in this release concern bugs in the kernel or its drivers. The kernel is the most privileged, and therefore most sensitive, component of the Android OS.

One of the vulnerabilities was in the MediaTek misc-sd driver and another was in an Imagination Technologies driver. Both could be exploited by a malicious app to execute malicious code within the kernel, which would fully compromise the system and could require re-flashing the OS to recover.

A similar vulnerability was located and fixed in the kernel itself. Two more were discovered in the Widevine QSEE TrustZone application, potentially allowing attackers to execute malicious code in the TrustZone context. TrustZone is a hardware-based security extension of the ARM CPU architecture that allows sensitive code to run in a privileged environment separate from the OS.

Kernel privilege escalation flaws are the kind of vulnerabilities that can be used to root Android devices. Rooting is the process through which users obtain full control of their devices. Although this capability is used legitimately by some power users and enthusiasts, in attackers' hands it can also result in persistent device compromise.

This is why Google does not permit rooting applications in its Google Play app store. On-device Android security features such as SafetyNet and Verify Apps are meant to detect and block such apps.

To complicate remote exploitation of media parsing vulnerabilities, automatic display of multimedia messages has been turned off in the default Messenger app and in Google Hangouts ever since the first Stagefright flaw in July 2015.
