Some reports have emerged claiming that cybercriminals could exploit Android-based smartphones and tablets using bugs that cause devices to become unresponsive or unusable.
Ars Technica reports that bugs in the Android operating system can allow malicious third-party apps to send vulnerable smartphones and tablets into a series of looping crashes and could also wipe all stored data.
The first of these bugs, reported by Trend Micro, is claimed to keep the Android device (smartphone or tablet) stuck in endless reboot loop that could leave the device unresponsive or even unusable, which can be considered to be 'bricking' of the device. If the device can be hard factory reset for recovery, it would result in all data being lost.
Ars Technica also cites researcher Ibrahim Balic, who claims to have discovered a similar vulnerability in Android devices which caused memory corruption. The memory corruption bug could be triggered by a seemingly legitimate app once it is installed. If the 'appname' field of the app contained an extremely long value, in excess of 387,000 characters, the device on which is installed could go into an endless loop.
Balic said on his blog post, "I think all android versions are affected by this vulnerability." However, Balic only confirmed that Android 2.3 Gingerbread, Android 4.2.2 and Android 4.3 Jelly Bean had been tested to be affected by the bug. Interestingly, it seems that such an app could also cause the cloud scanner Google employs to check for malicious apps on the Play Store (called Bouncer) to be affected. Bouncer reportedly experiences a denial-of-service type condition when scanning a freshly uploaded app that contained the exploit. Balic said after uploading his proof-of-concept app, he received errors from Google Play, and noticed other developers weren't able to upload their apps to the store for a short period after.
Trend Micro's claimed exploit is quite similar, with the 'Activity' label the vulnerable field. The security company says if large amount of data is fed into the Activity label, it could stop system functionality, and cause the device to reboot. The company's Veo Zhang detailed the process in a blog post
Our analysis shows that the first crash is caused by the memory corruption in WindowManager, the interface that apps use to control the placement and appearance of windows on a given screen. Large amounts of data were entered into the Activity label, which is the equivalent of the window title in Windows.
If a cybercriminal builds an app containing a hidden Activity with a large label, the user will have no idea whatsoever that this exploit is in fact taking place. Cybercriminals can further conceal the exploit by setting a timed trigger event that stops the current app activity and then opens the hidden Activity. When the timed event is triggered, the exploit runs, and the system server crashes as a result. This stops all functionality of the mobile device, and the system will be forced to reboot.
An even worse case is when the malware is written to start automatically upon device startup. Doing so will trap the device in a rebooting loop, rendering it useless. In this case, only a boot loader recovery fix will work, which means that all the information (contacts, photos, files, etc.) stored inside the device will be erased.
Further, Trend Micro's analysis revealed that PackageManager and ActivityManager on an Android device, alongside the WindowManager service, are also vulnerable to a series of crashing. The blog post notes that with the installation of any malicious third-party app with such an exploit, the Android device will crash immediately without needing any special permission to run the app.
As of now, there is no word from Google on the reported bugs that are said to make the Android smartphones or tablets vulnerable to threats from malicious apps.
For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2024 hub.