New Android OS Bug May Paralyze Your Phone And Wipe-Out Data; Affects Android 4.0 And Upwards
By Pavithra Rathinavel | March 26, 2014 6:13 PM EST
London-based Researcher Ibrahim Balic has discovered critical bugs in Google's Android OS that has the potential to let "malicious apps" take control of your Android-based devices and send them into an endless looping spiral that could leave the device unusable. This technique is also known as "bricking."
Android 4.4 KitKat
Upon trying to "hard reset" (a.k.a factory reset) the device, all the stored data would be permanently lost. This bug affects Android 4.0 and upwards. Notably, this bug is categorized as "memory corruption bug," ZDNet said.
How Does the Bug Work?
The bug can be triggered by setting the Android's "Application Name" attribute (app name) to more than 387,000 characters.
Balic uploaded his proof of concept file to Google Play to test against "Google's Bouncer." It is an automated scanning process of Android market looking for malicious software within a short period while many developers reported being unable to upload their apps to Google's marketplace. This confirmed that in addition to crashing Android-based devices, the bug also causes renunciation (denial) of services.
Trend Micro's Mobile Threat Analyst Veo Zhang said, "We believe that this vulnerability may be used by cyber-criminals to do some substantial damage on Android smartphones and tablets. The device is stuck in an endless reboot loop, or a boot-loop. This can render the device unusable, which some may consider 'bricking' it."
By entering large amounts of data into the activity label, which is the Android equivalent of the Window title in Microsoft Windows operating systems, attackers can create malicious apps that have the potential to exploit the vulnerability. This will cause the device to crash and restart upon running the app.
Also, Balic's finding can cause several Android device services like Windows Manager, Package Manager and Activity Manager to crash.
Which Versions of Android OS is Vulnerable?
According to Balic's blog post, all the versions of Android OS are vulnerable to this attack. Balic could only confirm that Android 2.3 Gingerbread, Android 4.2.2 and Android 4.3 Jelly Bean are tested and affected by the bug.
What Could be the Worst Case Scenario?
If the malware is coded to start automatically when the device is restarted, there is no fix to the problem. The only way to make the device responsive is by doing a factory reset. But as a bargain, the user will lose the stored data in the device.
Apparently, it is not fun anymore for the cybercriminals to steal your data, instead making your device unusable seems like the new fad in the cybercrime world.
To contact the editor, e-mail:
Most Popular Slideshows
- Real Life ‘Frozen’: Snow Overwhelms The US, Kills 7; More To Come (Pictures)
- ‘The Walking Dead’ Season 5, Episode 8 Spoilers: Daryl Dixon Is Set To Burn The Place Down in ‘Coda’
- Angelina Jolie, Brad Pitt in Sydney for ‘Unbroken’ Red Carpet Premiere [PHOTOS]
- G20 Summit Awkward Moments: Putin Yawns, Mystery Bubbles Appear, F18 Drama Ensues
Join the Conversation
- Walmart Early Price Matching Special Event On Nov. 21, 2014 Matches Its Competitors' Black Friday 2014 Prices And Includes Exclusive Deals For Samsung LED HDTVs And iPad Air 2 [WATCH VIDEO]
- US Plane Flying Over Russian Skies Spotted; Vladimir Putin Ready For 'Practical Cooperation' With US
- Alleged 'Microsoft Lumia 1030' Front Panel Leaked With Capacitive Buttons; 'Xbox One' Owners To Get Free Goodies On Anniversary
- Nexus 6 Release Date And Price Under AT&T, T-Mobile And Sprint Listed
- Walmart Pre-Black Friday 2014 Sale On Nov. 21, 2014 Includes Discounts On The 'NBA 2K15' For PS4 And The 'Skylanders Trap Team’ Starter Kit [WATCH VIDEO]
- Black Friday 2014 Sale: Top Deals On Game Consoles Xbox One, PS4, Nintendo Wii U And More
- Cold War 2: Russia, China And North Korea’s Blacklisted Company Fortify Alliance -- Reports