Palo Alto Networks discovers Android vulnerability

Affects half of current Android device users

Palo Alto Networks has discovered a widespread vulnerability in Google’s Android mobile operating system that allows attackers to hijack the installation of an Android Package File (APK) app on user devices and replace it with an app of the attacker’s choice.

This occurs without the user’s knowledge, the company said.

Palo Alto Networks estimated that this vulnerability affects 49.5 per cent of current Android device users, allowing attackers to potentially distribute malware, compromise devices and steal user data.

The company has released an application that potentially helps affected Android users diagnose their devices.

The vulnerability was discovered by Palo Alto Networks’ Unit 42 threat researcher, Zhi Xu.

The vulnerability exploits a flaw in Android’s PackageInstaller system service, allowing attackers to silently gain unlimited permissions in compromised devices. It affects Android applications downloaded from third-party sources, and does not affect apps accessed from Google Play, the company said.

During installation, Android applications list the permissions requested to perform their function, such as a messaging app requesting access to SMS messages, but not GPS location.

The vulnerability allows hackers to trick users by displaying a false, more limited set of permissions, while potentially gaining full access to the services and data on the user’s device, including personal information and passwords.

While users believe they are installing a flashlight app or a mobile game with a well-defined and limited set of permissions, they are actually running potentially dangerous malware, the company said.

The Unit 42 team has worked with Google and Android device manufacturers such as Samsung and Amazon to protect users and patch the vulnerability in affected versions of Android, although some older versions of Android may remain vulnerable, the company said.
