Android Vulnerability Detected

Users of Android phones have to take particular care to ensure that their devices are not vulnerable to a malicious element. Such an element enables applications on the phone to make calls even if permission has not been given to do so. Curesec, a well-known German security firm, brought this vulnerability to the notice of Google sometime late last year. The vulnerability was discussed in detail in a report that was submitted to Google Inc. Version 4.1 of Android, also known as Jelly Bean, is where the vulnerability appears to have been first detected.

The malicious bug takes the form of specific code which is present in several Android applications. For instance, if a game application on your Android phone has this code in it, then unauthorized phone calls can easily be made from your phone to outside phones without you knowing anything about it. Normally an application has to be given specific permission in order to make calls to external devices. With this bug rampant in Android phones, that is no longer necessary.

Outgoing calls can also be terminated by unauthorized users via this bug. It can also execute manufacturer-defined MMI codes, supplementary service codes, and USSD (Unstructured Supplementary Service Data) codes. If you value privacy and data confidentiality, this bug will prove to be rather nasty for you. The codes can be used to access operator services and numerous device functions quite easily.

The list of such codes is quite an exhaustive one. Some of these codes are capable of blocking a SIM card. Others can disable or enable caller anonymity, or change the phone call flow on a specific Android device.

There are Android-based security screening applications that normally provide instructions for the making of calls from an Android device. However, the bug can bypass these security screening applications quite easily. The Android permissions system can be deceived altogether by this bug. Hence these apps do not provide any security at all to phones that are vulnerable to the malicious codes.

Researchers have found two flaws that can be exploited to achieve the exact same goals. One has been found in the older Android systems and the other in one of the new

The first bug is tracked as CVE-2013-6272. It was first found in Jelly Bean, version 4.1 of the Android OS. It has also been found in the more advanced 4.4 KitKat version of the Android OS.

The latest Android update, 4.4.4, is one where this bug has been fixed successfully. As a

However, not many users of Android phones have been able to download this update. Only about fourteen percent of Android users worldwide have managed to download the update. Hundreds of thousands of other Android users continue to be affected by these flaws.

The bug present in the older and more outdated versions of Android, like 2.3.6 and 2.3.3, is known to have a wider reach. It is strongly present in the Android Gingerbread version, on budget-minded and small phones that are widely used in countries like Russia, China and Brazil. Android 3.00 Honeycomb is where this bug was fixed. However, that OS is limited to tablet devices. More than ninety percent of Android users around the globe can still exploit this bug.

Curesec researchers have come up with proof-of-concept demonstrations and source code. These enable Android users to detect this bug on their phones.
