• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 19th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

Hackers Can Replace Apps on Your Android Device with New Vulnerability

August 16th, 2015 Waqas Security 0 comments
Hackers Can Replace Apps on Your Android Device with New Vulnerability
Share on FacebookShare on Twitter

The Zero-day vulnerability presented by IBM’s researchers Or Peles and Roee Hay will affect all Android devices.

The two researchers from IBM’s X-Force Application Security Research Team presented a paper titled One Class to Rule Them All at the USENIX WOOT 2015 Security Conference held in Washington D.C.

[must url=”https://www.hackread.com/android-malware-development-17-sec/”]Hackers Develop Android Malware Every 17 Seconds[/must]

Hackers Can Replace Apps on Your Android Device with this New Vulnerability

Hackers Can Replace Apps on Your Android Device with this New Vulnerability

In their paper, the researcher duo provided CVE-2014-3153 proof of concept. CVE-2014-3153 is a vulnerability that was identified by them in Android’s Open SSLX509 Certificate class.

The class, if and when leveraged by an attacker/hacker, would let them enhance the privileges of a lower-level app by allowing it super-privileges such as system user status on the android device.

Hackers can Replace Real Apps with Fake Ones:

The CVE-2014-3153 zero-day vulnerability can easily be exploited by attackers as all they need is an entry point into the Android device. That is because they just need to inject a tiny snippet of code to enhance the privileges of an app. That tiny piece of code could be hidden in any low-level app or a game they would like. They may also host it on Play Store.

When the code is accessed and installed by a user, it will be executed and the low-level app would receive system-level privileges.

On the contrary, if the entry point is a “malicious” app and along with the escalation code, it contains additional complex procedures too then the user might get into greater trouble.

This vulnerability could easily be used by an attacker to install malicious APKs on any targeted android device. Later, the attacker could use them to replace authentic apps such as Facebook.

The Aftermath:

Escalating privileges through this new zero-day vulnerability aren’t limited to replacing real apps with fake ones. Attackers can download just about anything they want to from the device as well as spy on the user. The user would never be notified or prompted with any popups about whatever is happening in the background.

Around 55% of all Android devices to be affected:

Researchers claim that Android devices running the versions between 4.3 and 5.1 will get affected from this vulnerability. This means Jelly Bean, KitKat and Lollipop all will be affected. Moreover, the yet unnamed M version is vulnerable as well. This means around 55% of the Android market is in danger.

[must url=”https://www.hackread.com/android-phones-new-vulnerbility-lifeless/”]Android Devices in Danger! New Vulnerability Can Make Them Lifeless[/must]

The IBM team also took steps to disclose this vulnerability properly and Google has issued patches already.

Report typos and corrections to admin@hackread.com

[src src=”source” url=”http://news.softpedia.com/news/android-vulnerability-lets-hackers-replace-apps-on-your-device-489000.shtml”]Softpedia[/src]

  • Tags
  • Android
  • hackers
  • security
  • Security Flaw
  • Vulnerability
  • zero-day
Facebook Twitter LinkedIn Pinterest
Previous article Kaspersky Accused of Producing Fake Malware to Sabotage Competitors
Next article PayPal Customers Hit with 'Changes to Legal Agreements' Phishing Scam
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
X-rated social media app Fleek exposed explicit photos of users

X-rated social media app Fleek exposed explicit photos of users

Top Tips to Upscale Your Netflix Security Instantly

Top Tips to Upscale Your Netflix Security Instantly

'Child's Play' - Kids breach and bypass Linux Mint screensaver lock

'Child's Play' - Kids breach and bypass Linux Mint screensaver lock

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Hackers compromised IObit forum to spread DeroHE ransomware
Hacking News

Hackers compromised IObit forum to spread DeroHE ransomware

47
X-rated social media app Fleek exposed explicit photos of users
Leaks

X-rated social media app Fleek exposed explicit photos of users

63
Top learning management system (LMS) software for small businesses
Technology News

Top learning management system (LMS) software for small businesses

584

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us