Android under attacks: old vulnerabilities, present threats

The late April was especially “rich” with news related to bugs, attacks and Android-targeting malware.

A five-year-old Android vulnerability disclosed a week ago allows a wide range of various compromising actions, including privilege escalation, stealing SMS and call logs, etc. In the case of a successful attack, this is a cyberspy’s dream come true.

Around for years

The CVE-2016-2060 was discovered by FireEye’s researchers in Qualcomm software available from the Code Aurora Forum in January, Threatpost wrote. And while Qualcomm has patched the affected software and pushed fixes to OEMs back in March, the vulnerable APIs were found in a 2011 git repository, which means the code has been around for a good five years and is most likely present in countless devices with various Android versions, including those no longer supported (but still in use).

Android’s security problems emerge on a regular basis, despite Google’s many attempts to bring its security to the appropriate level. Developers push new and more secure versions forward, but actual adoption of those secure versions lags behind heavily. As of May 2016, the dominant Android version is 4.x, accounting for over 54% of devices in circulation. Lollipop’s versions 5.0.x (2014) and 5.1.x (early 2015) together add up to 35.6%, while the latest Marshmallow edition (version 6.0.x), launched in October 2015, has 7.5% adoption rate. And 2.2% of devices in circulation are still running Gingerbread (2011).

Versions up to 5.0 are reportedly affected by the aforementioned vulnerability. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk, Threatpost said.

A firework of news

As said before, new Android security issues get publicized rather often, but late April was especially “rich” with news related to bugs, attacks, and Android-targeting malware.

Android ransomware hitting Android 4.x was disclosed, soon followed by the news of a phony Google update spreading data-stealing malware, as well as a report of a sheer rise of Android overlay malware. All of these threats predominantly target the Android 4.x-based devices – i.e. the most-used, yet under-secured, portion.

Containing the potential threat

Unfortunately, it’s clear that Android 4.x-based devices used within a corporate network are a potential threat that IT staff has to keep in check. It is unfeasible to complete this task manually, even if the company isn’t very large, so special automated mobile security suites are required. Aside from the compulsory protection from mobile malware, such security solutions are necessary to block out phishing attempts: the undesired/unauthorized apps wouldn’t start, at least while the smartphone is within the corporate network, and personal and corporate data wouldn’t mix on the employees’ mobile devices. Anti-theft tools are also highly recommended.

Kaspersky Lab’s Endpoint Security for Business (Select and Advanced editions) features a robust and mature complex of tools to ensure the security of mobile devices used within a business network. Aside from protecting the devices from malware and phishing, it allows for the detection of rooting and jailbreaking incidents (devices are then blocked out), supports common MDM platforms, and features a number of tools to remotely retrieve or wipe sensitive data if the device is lost or stolen and is impossible to locate.

For more information on the offered functions, check out the Business Security section on Kaspersky Lab’s official site.

Tips