Ars Technica reports that bugs in the Android operating system can allow malicious third-party apps to send vulnerable smartphones and tablets into a series of looping crashes and could also wipe all stored data.
The first of these bugs, reported by Trend Micro, is claimed to keep the Android device (smartphone or tablet) stuck in endless reboot loop that could leave the device unresponsive or even unusable, which can be considered to be 'bricking' of the device. If the device can be hard factory reset for recovery, it would result in all data being lost.
Ars Technica also cites researcher Ibrahim Balic, who claims to have discovered a similar vulnerability in Android devices which caused memory corruption. The memory corruption bug could be triggered by a seemingly legitimate app once it is installed. If the 'appname' field of the app contained an extremely long value, in excess of 387,000 characters, the device on which is installed could go into an endless loop.
Balic said on his blog post, "I think all android versions are affected by this vulnerability." However, Balic only confirmed that Android 2.3 Gingerbread, Android 4.2.2 and Android 4.3 Jelly Bean had been tested to be affected by the bug. Interestingly, it seems that such an app could also cause the cloud scanner Google employs to check for malicious apps on the Play Store (called Bouncer) to be affected. Bouncer reportedly experiences a denial-of-service type condition when scanning a freshly uploaded app that contained the exploit. Balic said after uploading his proof-of-concept app, he received errors from Google Play, and noticed other developers weren't able to upload their apps to the store for a short period after.
Trend Micro's claimed exploit is quite similar, with the 'Activity' label the vulnerable field. The security company says if large amount of data is fed into the Activity label, it could stop system functionality, and cause the device to reboot. The company's Veo Zhang detailed the process in a blog post
If a cybercriminal builds an app containing a hidden Activity with a large label, the user will have no idea whatsoever that this exploit is in fact taking place. Cybercriminals can further conceal the exploit by setting a timed trigger event that stops the current app activity and then opens the hidden Activity. When the timed event is triggered, the exploit runs, and the system server crashes as a result. This stops all functionality of the mobile device, and the system will be forced to reboot.
An even worse case is when the malware is written to start automatically upon device startup. Doing so will trap the device in a rebooting loop, rendering it useless. In this case, only a boot loader recovery fix will work, which means that all the information (contacts, photos, files, etc.) stored inside the device will be erased.
Further, Trend Micro's analysis revealed that PackageManager and ActivityManager on an Android device, alongside the WindowManager service, are also vulnerable to a series of crashing. The blog post notes that with the installation of any malicious third-party app with such an exploit, the Android device will crash immediately without needing any special permission to run the app.
As of now, there is no word from Google on the reported bugs that are said to make the Android smartphones or tablets vulnerable to threats from malicious apps.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.