• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 6th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Technology News » Android » Google fixes vulnerabilities in Android where rooting is a double-edge sword

Google fixes vulnerabilities in Android where rooting is a double-edge sword

January 7th, 2016 Ali Raza Android, Google News, Malware, Security 0 comments
Google fixes vulnerabilities in Android where rooting is a double-edge sword
Share on FacebookShare on Twitter

Google had to intervene to fix a few vulnerabilities that risked exposing its Nexus devices and related Android operating system to remote access – or through malware – by hackers.

The tech firm has actually been working on media file related software bugs in Android OS since July last year when Stagefright – a media-parsing library – was discovered to be flawed. This called for a massive coordinated patching action by Android manufacturers and for monthly updates to be issued by Google, Samsung and LG.

Android-gif

Gif Source: Gifizer

In an effort to address these most recent vulnerabilities, the giant tech company released security updates for its Nexus devices on Monday and is due to publish further patches and stitches today. Manufacturers who are in partnership with Google had already been informed of the vulnerabilities – six critical, two high and five moderate – one month ago and will soon issue updates according to their own schedules.

The most dangerous threat was to be found in the media server Android component, which constitutes a core part of the OS, the one in charge of handling and storing digital media and analysing the corresponding file metadata.

The media server process could be tampered with by attackers so as to make an arbitrary code execution possible, either remotely by tricking users into opening “maliciously-crafted” media files or by sending those files through MMS.

[fullsquaread][/fullsquaread]

The situation is gradually stabilising as are the five other critical – high-level threats that target the very core of an OS-vulnerabilities were fixed in the release.

One of the flaws was located in the misc-sd driver from Taiwan-based MediaTek. A further flaw was in a driver from UK-based Imagination Technologies. A third one was discovered and solved directly in the kernel. The last two critical vulnerabilities were in the Widevine QSEE Trustzone application.

All of them could compromise the whole system and would require a high-maintenance recovery process. The latter ones could allow malicious activities in the TrustZone context, a hardware-based security extension of the Central Processing Unit architecture, which is separate from the operating system.

What’s really at the core of the matter is the act of rooting – the access to the phone’s inner secrets. It is, in fact, a double-edged sword depending on whose exploiting this possibility: computer wizards that just want to “have fun” or attackers full of bad intentions.

For this reason, Google does not allow rooting apps in its Google Play store. And that is why Verify Apps and SafetyNet – Local Android security features – are in place to discourage such actions.

One extra measure if caution, in order to make remote exploitations of media parsing flaws more difficult to achieve, is the disabling of the automatic display of multimedia messages in Google Hangouts and Messenger app. This security measure was first used in response to the Stagefright flaw back in July.

[src src=”Top, Featured Image Via” url=”https://www.flickr.com/photos/jdhancock/6051805616″]Flickr[/src] 

  • Tags
  • Android
  • Google
  • hacking
  • LG
  • Malware
  • Privacy
  • Samsung
  • security
  • Stagef
Facebook Twitter Google+ LinkedIn Pinterest
Previous article Anonymous Hacks Thailand Police, Expose Wrongdoing in Murder Investigation
Next article Exploit Flash Heap Isolation for a chance to “win” $100,000
Ali Raza

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of SpyAdvice.com, too, a site dedicated to educating people on online privacy and spying.

Related Posts
Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

Flawed Implementation of RCS Standard putting data of millions at risk

Flawed Implementation of RCS Standard putting data of millions at risk

This Smartwatch is exposing real-time location data of thousands of kids

This Smartwatch is exposing real-time location data of thousands of kids

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns
Surveillance

Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

1175
Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors
Cyber Attacks

Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

339
Flawed Implementation of RCS Standard putting data of millions at risk
Security

Flawed Implementation of RCS Standard putting data of millions at risk

445
3 arrested, 30,000+ piracy sites shut down in global operation IOSX
News

3 arrested, 30,000+ piracy sites shut down in global operation IOSX

588

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us