Malicious Android apps can delete data and send your phone into endless crashes


Here we are yet again with another Android bug that might or might not be able to turn your smartphone inside out. Security researchers came across a few bugs in Google’s Android operating system that could allow malicious apps to devices into a never ending looping spiral of crashes. In addition, this same bug could delete all data stored in these apps, but that’s OK, as long as it is not deleting important data stored on the device itself.

These malicious apps work on Android versions 2.3, 4.2.2, 4.3, and probably the latest versions of the operating system as well, according to researcher Ibrahim Balic. You see, by filing the appname field with long character values exceeding 387,000 characters, hackers can trigger an Android device to go into a loop of nonstop rebooting and endless crashes. Sounds scary? That’s because it is, but you may never experience such issues though.

“We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets, which include ‘bricking’ a device or rendering it unusable in any way,” Veo Zhang, a mobile threats analyst at Trend Micro, wrote in a blog post published Sunday. “In this context, the device is ‘bricked’ as it is trapped in an endless reboot loop.”

Zhang went on to explain further that attackers can create booby-trapped apps with the potential to kick this vulnerability into play.

“If a cybercriminal builds an app containing a hidden Activity with a large label, the user will have no idea whatsoever that this exploit is in fact taking place. Cybercriminals can further conceal the exploit by setting a timed trigger event that stops the current app activity and then opens the hidden Activity,” says Veo Zhang. “When the timed event is triggered, the exploit runs, and the system server crashes as a result. This stops all functionality of the mobile device, and the system will be forced to reboot.

“An even worse case is when the malware is written to start automatically upon device startup. Doing so will trap the device in a rebooting loop, rendering it useless. In this case, only a boot loader recovery fix will work, which means that all the information (contacts, photos, files, etc.) stored inside the device will be erased.”

Let’s hope Google manages to fix this issue before some hacker creeps begins work on an app to kick Android devices into a never ending loop of crashes. It is clear that Android is now the Windows of the mobile world. Oh, and if you are an iFan laughing your ass off, maybe you missed this story.

[via Balic, TrendMiro]

Related Posts