Unit 42 Discovers "Android Installer Hijacking" - Palo Alto Networks

7 Views
Published
Vulnerability Allows Stealth Bait & Switch

Discovered by Palo Alto Networks Unit 42 threat researcher Zhi Xu, the vulnerability exploits a flaw in Android’s “PackageInstaller” system service, allowing attackers to silently gain unlimited permissions in compromised devices. Specifically:
- During installation, Android applications list the permissions requested to perform their function, such as a messaging app requesting access to SMS messages, but not GPS location.
- This vulnerability allows attackers to trick users by displaying a false, more limited set of permissions, while potentially gaining full access to the services and data on the user’s device,
including personal information and passwords.
- While users believe they are installing a flashlight app, or a mobile game, with a well-defined and limited set of permissions, they are actually running potentially dangerous malware.

Unit 42, the Palo Alto Networks threat intelligence team, has worked with Google and Android device manufacturers such as Samsung and Amazon to help protect users and patch this vulnerability in affected versions of Android. Some older-version Android devices may remain vulnerable.

To learn more
Read full details of this Android vulnerability on the Unit 42 blog, and subscribe to regular research and analysis updates: http://researchcenter.paloaltonetworks.com/2015/03/android-
installer-hijacking-vulnerability-could-expose-android-users-to-malware/

Watch a short video describing Android Installer Hijacking to understand which Android devices are vulnerable and why: http://youtu.be/81slOhjrZXY

Download the scanner application:
o Via GitHub: https://github.com/PaloAltoNetworks-BD/InstallerHijackingVulnerabilityScannero Via Google Play: http://play.google.com/store/apps/details?id=com.paloaltonetworks.ctd.ihscanner

Visit the Unit 42 homepage for new research, updates and confirmed speaking appearances: https://www.paloaltonetworks.com/threat-research.html

Learn more about Palo Alto Networks enterprise security platform: https://www.paloaltonetworks.com/products/platforms.html


About Unit 42
Unit 42, the Palo Alto Networks threat intelligence team, is made up of accomplished cybersecurity researchers, and industry experts. Unit 42 gathers, researches, and analyzes up-to-the-minute threat intelligence, sharing insights with Palo Alto Networks customers, partners, and the broader community to better protect organizations. Unit 42 team leads regularly appear at industry conferences throughout the world.

About Palo Alto Networks
Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today's dynamic computing environments: applications, users, and content.

Find out more at http://www.paloaltonetworks.com.
Category
Palo Alto Networks
Tags
Unit 42, Scott Simkin, Palo Alto Networks
Be the first to comment