New Android OS Bug May Paralyze Your Phone And Wipe-Out Data; Affects Android 4.0 And Upwards - International Business Times

By Pavithra Rathinavel | March 26, 2014 6:13 PM EST

London-based researcher Ibrahim Balic has discovered critical bugs in Google's Android OS that have the potential to let "malicious apps" take control of your Android-based devices and send them into an endless looping spiral that could leave the device unusable. This technique is also known as "bricking."

Upon trying to "hard reset" (a.k.a. factory reset) the device, all the stored data would be permanently lost. This bug affects Android 4.0 and upwards. Notably, this bug is categorized as a "memory corruption bug," ZDNet said.

How Does the Bug Work?

The bug can be triggered by setting an Android app's "Application Name" attribute (app name) to more than 387,000 characters.

Balic uploaded his proof-of-concept file to Google Play to test it against "Google's Bouncer," an automated process that scans the Android market for malicious software. Within a short period, many developers reported being unable to upload their apps to Google's marketplace. This confirmed that, in addition to crashing Android-based devices, the bug also causes a denial of service.

Trend Micro's Mobile Threat Analyst Veo Zhang said, "We believe that this vulnerability may be used by cyber-criminals to do some substantial damage on Android smartphones and tablets. The device is stuck in an endless reboot loop, or a boot-loop. This can render the device unusable, which some may consider 'bricking' it."

By entering large amounts of data into the activity label, which is the Android equivalent of the Window title in Microsoft Windows operating systems, attackers can create malicious apps that have the potential to exploit the vulnerability. This will cause the device to crash and restart upon running the app.

Also, the bug Balic found can cause several Android device services, such as Window Manager, Package Manager and Activity Manager, to crash.

Which Versions of Android OS Are Vulnerable?

According to Balic's blog post, all the versions of Android OS are vulnerable to this attack. Balic could only confirm that Android 2.3 Gingerbread, Android 4.2.2 and Android 4.3 Jelly Bean have been tested and are affected by the bug.

What Could be the Worst Case Scenario?

If the malware is coded to start automatically when the device is restarted, there is no fix to the problem. The only way to make the device responsive is by doing a factory reset. But in exchange, the user will lose the data stored on the device.

Apparently, it is not fun anymore for cybercriminals to steal your data; instead, making your device unusable seems like the new fad in the cybercrime world.
