Pre-Android 4.1 devices open to malware attack
Vulnerability lets hackers find out which version a device is running and take advantage of its security hole
Kaspersky Lab has revealed that mobile devices running Android 4.1 (Jelly Bean) or older are open to attack by a malicious script that seeks out devices with antiquated security.
The script, originally designed to exploit a Flash vulnerability on Windows machines, has been tweaked to determine which version of Android a device is running. It then injects malicious code that newer versions of the operating system resist.
"The exploitation techniques we've found during our research were nothing new, but borrowed from proof of concepts, previously published by white hat researchers," said Victor Chebyshev, security expert at Kaspersky Lab. "This means that vendors of Android devices should account for the fact that the publication of PoCs would inevitably lead to the appearance of 'armed' exploits."
Specifically, the exploit tells the browser to execute malicious code. Two other scripts were also discovered by the researchers. One is able to send an SMS to any number, presumably with the aim of spreading the infection, while the other creates malicious Trojan files on the SD-card of the attacked device, which also allows the interception and triggering of SMS messages.
"Users of these devices deserve to be protected with corresponding security updates, even if the devices are no longer being sold at the time," Chebyshev advised.
Although Google patched the security holes between 2012 and 2014, vendors are rolling out security updates to older devices slowly, and some devices have missed out on updates completely because manufacturers have stopped supporting them, allowing them to be targeted by criminals.
Main image credit: CyberHades on Flickr