View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 11, 2015

IBM finds app lookalike flaw in Android

Malicious apps could take over the device through a serialisation vulnerability.

By Alexander Sword

In the latest in a string of vulnerabilities being unearthed in the Android operating system, IBM’s security research team has discovered a serialisation vulnerability affecting over 55 percent of Android phones.

The arbitrary code execution vulnerability could allow a malicious app with no privileges to gain full control of a device.

"Developers take advantage of classes within the Android platform and SDKs," wrote Or Peles, Security Researcher, X-Force Application Security Research Team, IBM Security Systems, on the X-Force blog.

"These classes provide functionality for apps — for example, accessing the network or the phone’s camera.

"The vulnerability we found can be exploited by malware through the communication channel that takes place between apps or services.

"As the information is broken down and put back together, malicious code is inserted into this stream, exploits the vulnerability at the other end and then owns the device."

Hackers can then replace a legitimate, trusted application with a lookalike to fool the user into inputting personal details.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

In the proof-of-concept, demonstrated at USENIX WOOT ’15 in Washington, D.C., the researchers demonstrated how Facebook’s Messenger app could be replaced.

The vulnerability apparently affects the preview version of Android M, as well as versions from Jelly Bean to Lollipop.

Leif-Olof Wallin, Research VP at Gartner, argues that despite the recent slew of vulnerabilities being discovered in Android, Android’s main problem is not the prevalence of vulnerabilities but how they are addressed.

"You tend to find these types of problems and challenges in all operating systems regardless of who’s behind it.

"The main difference is how the problem is being addressed.

"If you look at old-fashioned Windows PCs, you have exploits being identified and resolved quickly. An iOS fix is pushed out as an offer to devices within a couple of days.

"What makes Android more vulnerable is the tiered approach. Google usually responds within a couple of days."

As Wallin explains, this fix is then rolled out to original design manufacturers (ODMs), before it is handed to mobile operators. Mobile operators can then take months to address the issue.

"Google has recognised the challenge and has a plan to mitigate it," Wallin adds, referring to Google’s plans to roll out security fixes for Android that don’t affect product differentiation.

"It will not make Android code less buggy but exploits will be fixed quicker."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.