Major Android remote-access vulnerability is now being exploited

Status
Not open for further replies.

Deleted member 192806

Guest
TeamViewer's remote control plug in, pre-installed by some phone OEMs and phone carriers for support, offers an exploitable backdoor for attackers (and even some legitimate apps) to gain root-level access to devices.

I seem to remember in the "customer experience" thread and story Ars did, most said remoting in by tech support was a bad idea.
 
Upvote
41 (41 / 0)

LJ

Ars Praefectus
5,441
Ostracus said (http://meincmagazine.com/civis/viewtopic.php?p=29626103#p29626103):
TeamViewer's remote control plug in, pre-installed by some phone OEMs and phone carriers for support, offers an exploitable backdoor for attackers (and even some legitimate apps) to gain root-level access to devices.

I seem to remember in the "customer experience" thread and story Ars did, most said remoting in by tech support was a bad idea.
It's a necessary evil.

This exploit appears to be an example of what happens with a fragmented base: all these manufacturers sign different packages willy-nilly and control far too much of Android.
 
Upvote
67 (70 / -3)
Jaysyn said (http://meincmagazine.com/civis/viewtopic.php?p=29626115#p29626115):
Is this the bug that was patched on Google's Nexus devices & not much else or am I thinking of a different one?

It isn't a bug. Dumb OEMs stuck a vulnerable remote app in the phone which itself is vulnerable.

Nexus devices, and probably all non-carrier phones, don't have it.
 
Upvote
69 (72 / -3)

Cabal

Ars Tribunus Militum
2,449
I cannot agree that remote support tools are a necessary evil. Why can't users with an issue they can't figure out pop over to the local mall and then the kiosk or shop associated with their carrier for hands-on help? That's how it works here, provided phone support can't walk you through things.

These are not desktop computers, they are portable.
 
Upvote
5 (32 / -27)
"And there’s no easy way for Google or phone manufacturers alone to patch the problem...And in some cases, as Bobrov said at Black Hat, the tool is pre-installed and unreachable by the customer. “To get rid of it, you need an upgrade of Android OS,” he explained."

Nonsense. This stuff requires an OTA to fix, which can remove stuff on the system partition. And if carriers put it there, it's within their power and responsibility to fix it. All of the carriers here in the US are guilty of using this to push new crap to phones, and they can remove it just as well.
 
Upvote
58 (66 / -8)

d4Njv

Ars Tribunus Militum
1,805
Unlike the carriers, Google depends very much on its reputation. If Google doesn't take control of the Android name, it's their loss. The carriers and OEMs have demonstrated that they cannot be trusted with software. It's not like they have the expertise to go it alone and roll their own app store and cloud services if Google imposes "onerous" conditions on using the Android brand.
 
Upvote
95 (97 / -2)

bug77

Ars Scholae Palatinae
871
Cabal said (http://meincmagazine.com/civis/viewtopic.php?p=29626233#p29626233):
I cannot agree that remote support tools are a necessary evil. Why can't users with an issue they can't figure out pop over to the local mall and then the kiosk or shop associated with their carrier for hands-on help? That's how it works here, provided phone support can't walk you through things.

These are not desktop computers, they are portable.

Because chances are, the user wants the phone diagnosed then and there.
 
Upvote
17 (21 / -4)

Cabal

Ars Tribunus Militum
2,449
bug77 said (http://meincmagazine.com/civis/viewtopic.php?p=29626275#p29626275):
Cabal said (http://meincmagazine.com/civis/viewtopic.php?p=29626233#p29626233):
I cannot agree that remote support tools are a necessary evil. Why can't users with an issue they can't figure out pop over to the local mall and then the kiosk or shop associated with their carrier for hands-on help? That's how it works here, provided phone support can't walk you through things.

These are not desktop computers, they are portable.

Because chances are, the user wants the phone diagnosed then and there.
Users do not understand security considerations. The carrier should be looking out for them in that regard. Therefore installing these applications as part of the carrier image is not in keeping with professional customer service.

EDIT: and with this edit I check out of the front page comments forever. The voting system is honestly hilarious. All of you that down vote yet don't refute, honestly think that the least savvy user understands, even in the most abstract way, the security concerns that remote access software on their phones pose?

Really?
 
Upvote
15 (36 / -21)

seanmgallagher

Ars Tribunus Militum
1,911
Subscriptor
Snackasaurus said (http://meincmagazine.com/civis/viewtopic.php?p=29626141#p29626141):
Jaysyn said (http://meincmagazine.com/civis/viewtopic.php?p=29626115#p29626115):
Is this the bug that was patched on Google's Nexus devices & not much else or am I thinking of a different one?

That's every Android bug.

I thought it, @Snackasaurus said it.
 
Upvote
53 (61 / -8)
seanmgallagher said (http://meincmagazine.com/civis/viewtopic.php?p=29626315#p29626315):
Snackasaurus said (http://meincmagazine.com/civis/viewtopic.php?p=29626141#p29626141):
Jaysyn said (http://meincmagazine.com/civis/viewtopic.php?p=29626115#p29626115):
Is this the bug that was patched on Google's Nexus devices & not much else or am I thinking of a different one?

That's every Android bug.

I thought it, @Snackasaurus said it.

Good luck getting this one patched quickly and effectively.

Oh, wait, someone said that already.



Well, as popular and well-used as the OS is, it bears repeating.
 
Upvote
-2 (16 / -18)

lonewolfe2015

Ars Scholae Palatinae
607
These kinds of issues are why I can never see myself owning an Android device. Even if I got past the usability hump (I personally don't find the UI intuitive) there are so many risks with using an Android phone. I already have Windows on my laptop, I don't want to worry about virus scanners and what I download on my phone too. Let alone what is already downloaded on it for me by my carrier and not removable.
 
Upvote
6 (44 / -38)
Other stuff to consider: Team Viewer isn't the only admin app available. Every Android phone has one, and that's the Google app for finding your phone. Obviously without admin access, it can't remotely lock, change passwords, or wipe your phone.

While one can't remove built-in software, users should be able to go to security, device administrators, and revoke its access. Only properly signed apps can find their way there to begin with. Those with this stuff on their phone can post to see if they can.

Those who downloaded that easy screen record app had to agree to it becoming activated, and view the fact it can do a lot of stuff.


Edit: This app lies in /system/priv-app if on 4.4 or above, and needs to be signed by the device platform key, and isn't just an admin app for use in remote administration, though that can be quite powerful.
Google did this to make sure any app that needs system permissions is small, and only the ones absolutely necessary, to limit attacks on other apps.

The part about it already being installed and exploitable, that's simple enough. What isn't explained, however, is how that app can get itself there, installed, if it wasn't there to begin with. You can't just stick any app there, and each key is different for each device. You can get the key to sign it if you have the key from, say, an image to restore your device, but that means the people who install that plugin have to have a signed copy for each variant, but they still can't stick that app into /system/priv-app without root to begin with.

And that is what gets me about all these "Android has xyz exploits" from security companies. They say this can happen, and won't bother actually explaining each step of the way. Same with Stagefright - nowhere was it stated with any sort of clarity that, for anyone on 4.1 and up, the most damage it can do is crash the program. But they said "Watch it execute again and again" without saying or showing it really doing nothing.
 
Upvote
8 (13 / -5)

PDXoPDX

Wise, Aged Ars Veteran
157
peaceminded said (http://meincmagazine.com/civis/viewtopic.php?p=29626395#p29626395):
This isn't an Android vulnerability. This is OEM fuckery - as far as I know Team Viewer isn't part of Android - stock or otherwise.

Nonetheless Google should just fucking wake up and do *something* - although I'm not sure what exactly.

Manage their mobile OS more like a certain fruit company does. There, I said it...
 
Upvote
45 (56 / -11)

Buran

Ars Tribunus Militum
1,552
Snackasaurus said (http://meincmagazine.com/civis/viewtopic.php?p=29626141#p29626141):
Jaysyn said (http://meincmagazine.com/civis/viewtopic.php?p=29626115#p29626115):
Is this the bug that was patched on Google's Nexus devices & not much else or am I thinking of a different one?

That's every Android bug.

This is one reason (among several) why I prefer Apple's phones. Not because I dislike Android -- far from it -- but the fragmentation and resulting horrible security is something I don't want. I'd rather have a handset that can be easily patched when major issues are found.

Some people like the increased flexibility -- I get that -- but to me it is not worth the unfixable security hassles. Carriers are just going to point to stuff like this as a reason to buy a whole new phone and, of course, pay an upgrade fee. It's not something they see as actually important to deal with properly.
 
Upvote
55 (64 / -9)

Simonb42

Seniorius Lurkius
15
I don't know how to do it but could the ability to gain root also be a godsend for people who actually want to root their device without resorting to sketchy apps or unlocking the bootloader and flashing/restoring stuff?

My device needed a sketchy Chinese app to gain root under Lollipop and then some adb trickery to force uninstall the Chinese root app and install SuperSU. It was much easier with Towelroot and it would be great if that exploit could be used similarly.
 
Upvote
4 (8 / -4)
Android has gotten to the point that it's either get a Nexus device or don't bother at all.

The OEMs, with their failure to provide proper updates and installation of bloatware apps that are often security liabilities in themselves, have created a security nightmare.

As other posters have commented, it's really up to Google now to take charge and impose themselves on the various phone vendors.
 
Upvote
54 (55 / -1)

bvz

Well-known member
122
Ugh.

I really am happy with my Moto X, but it makes me insane that I am at the mercy of Google plus Motorola plus Verizon to keep my data safe.

That's like being sick, but you have to wait for the doctor who then has to get approval from the insurance company who then has to get approval from Vinnie the card who lives on the corner and steals your lunch money as you walk to school.

iOS is a perfectly fine platform, but I much prefer the Android experience. But this constant and completely UNADDRESSED security issue (I mean, it's like a weekly thing now) has me reluctantly considering switching to the iPhone.

And once again...

Ugh.
 
Upvote
70 (72 / -2)

dlux

Ars Legatus Legionis
25,514
peaceminded said (http://meincmagazine.com/civis/viewtopic.php?p=29626395#p29626395):
Nonetheless Google should just fucking wake up and do *something* - although I'm not sure what exactly.
I'm sure their 'labs' can generate more beta products to address these concerns. Yeah, that's the ticket!
 
Upvote
13 (19 / -6)

ewelch

Ars Tribunus Angusticlavius
9,364
Subscriptor++
This, sadly, is a good example of how my Apple fanboyism can sometimes backfire. When I tell my Android-using acquaintances about this kind of thing, they ignore it and claim I'm just an Apple fanboy. But the fact of the matter is, I think people should use what they like, but they need to do it with their eyes open. (That includes iOS by the way).
 
Upvote
19 (26 / -7)
Simonb42 said (http://meincmagazine.com/civis/viewtopic.php?p=29626507#p29626507):
I don't know how to do it but could the ability to gain root also be a godsend for people who actually want to root their device without resorting to sketchy apps or unlocking the bootloader and flashing/restoring stuff?

My device needed a sketchy Chinese app to gain root under Lollipop and then some adb trickery to force uninstall the Chinese root app and install SuperSU. It was much easier with Towelroot and it would be great if that exploit could be used similarly.

Admin isn't root, although Sean in the article clearly confuses the two.

Even if you gain root, bootloader protections in most phones by Samsung, Moto, and HTC, prevent any modifications to the system partition. And in LP, the kernel refuses to run anything root from the user partition.
 
Upvote
8 (11 / -3)
digi99 said (http://meincmagazine.com/civis/viewtopic.php?p=29626251#p29626251):
And people ask me why I switched back to iOS.

People don't have to ask you why; we'd ask, with all the crap you post about Android, why you owned one to begin with.

Seriously doubt you switched *back* to iOS, in that you probably never left it. You are just making shit up and trolling as usual.
 
Upvote
-19 (28 / -47)

Solidstate89

Ars Tribunus Angusticlavius
7,092
It's shit like this that makes me happy Microsoft somehow found enough sway with the carriers to tell them that any pre-installed apps have to be completely and fully uninstallable from the phone. None of this "baked into the ROM and impossible to uninstall" bullshit that they manage to pull with the Android OEMs.

I don't know why some of these OEMs allow it. They may not have Apple level influence, but their phones still sell millions of devices, (especially Samsung) they should be able to say "no" to these cell carriers.
 
Upvote
44 (46 / -2)