
Hackers Can Replace Apps on Your Android Device with New Vulnerability

August 16th, 2015 Waqas Security 0 comments

The zero-day vulnerability presented by IBM researchers Or Peles and Roee Hay will affect all Android devices.

The two researchers from IBM’s X-Force Application Security Research Team presented a paper titled One Class to Rule Them All at the USENIX WOOT 2015 Security Conference held in Washington D.C.

In their paper, the two researchers provided a proof of concept for CVE-2014-3153, a vulnerability they identified in Android's OpenSSLX509Certificate class.

If leveraged by an attacker, the class would let them escalate the privileges of a lower-level app, granting it super-privileges such as system user status on the Android device.

Hackers can Replace Real Apps with Fake Ones:

The CVE-2014-3153 zero-day vulnerability can easily be exploited by attackers as all they need is an entry point into the Android device. That is because they just need to inject a tiny snippet of code to enhance the privileges of an app. That tiny piece of code could be hidden in any low-level app or a game they would like. They may also host it on Play Store.

When the code is accessed and installed by a user, it will be executed and the low-level app will receive system-level privileges.

On the other hand, if the entry point is a “malicious” app that contains additional complex procedures along with the escalation code, the user might get into greater trouble.

This vulnerability could easily be used by an attacker to install malicious APKs on any targeted Android device. Later, the attacker could use them to replace authentic apps such as Facebook.

The Aftermath:

Escalating privileges through this new zero-day vulnerability isn’t limited to replacing real apps with fake ones. Attackers can download just about anything they want from the device as well as spy on the user. The user would never be notified or prompted with any popups about whatever is happening in the background.

Around 55% of all Android devices to be affected:

Researchers claim that Android devices running versions between 4.3 and 5.1 will be affected by this vulnerability. This means Jelly Bean, KitKat and Lollipop will all be affected. Moreover, the as yet unnamed M version is vulnerable as well. This means around 55% of the Android market is in danger.


The IBM team also took steps to disclose this vulnerability properly and Google has issued patches already.


Source: Softpedia (http://news.softpedia.com/news/android-vulnerability-lets-hackers-replace-apps-on-your-device-489000.shtml)
