GEC NEWS WIREVulnerability Affects Users Downloading Android Applications from Third-party Sources
Palo Alto Networks has revealed details of a widespread vulnerability in Google’s Android mobile operating system that allows attackers to hijack the installation of a seemingly safe Android application — Android Package File (APK) — on user devices, replacing it with an app of the attacker’s choice, without user knowledge.
According to Saeed Agha, GM Middle East, Palo Alto Networks: “Exploitation of this vulnerability, which is estimated to affect about 49.5 percent of current Android device users, allows attackers to potentially distribute malware, compromise devices and steal user data.”
Unit 42, the Palo Alto Networks threat intelligence team, has worked with Google and Android device manufacturers such as Samsung and Amazon to help protect users and patch this vulnerability in affected versions of Android. Some older-version Android devices may remain vulnerable. “We urge Android users to take advantage of the diagnostic application provided by Palo Alto Networks to check their devices, and we thank Google, Samsung and Amazon for their cooperation and attention” said Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks
Palo Alto Networks recommends to only install software applications from Google Play on vulnerable devices. Though deployment of mobile devices with Android 4.3_r0.9 and later is encouraged, it should be kept in mind that some Android 4.3 devices are found to be vulnerable. Apps shouldn’t be provided permission to access logcat. Enterprise users shouldn’t be allowed to use rooted devices with enterprise networks.
