Pre-Android 4.1 devices open to malware attack

Vulnerability lets hackers find out which version a device is running and take advantage of its security hole

Kaspersky Lab has revealed mobile devices running Android 4.1 (Jelly Bean) or older are open to attack by a malicious script that seeks to find devices with antiquated security.

The script, which was originally designed to use a Flash vulnerability in Windows machines, has been tweaked to detect which version of Android a device is running and then inject malicious code that newer versions of the operating system resist.


"The exploitation techniques we've found during our research were nothing new, but borrowed from proof of concepts, previously published by white hat researchers," said Victor Chebyshev, security expert at Kaspersky Lab. "This means that vendors of Android devices should account for the fact that the publication of PoCs would inevitably lead to the appearance of 'armed' exploits."

Specifically, the exploit tells the browser to execute malicious code. Two other scripts were also discovered by the researchers. One is able to send an SMS to any number, presumably with the aim of spreading the infection, while the other creates malicious Trojan files on the SD-card of the attacked device, which also allows the interception and triggering of SMS messages.

"Users of these devices deserve to be protected with corresponding security updates, even if the devices are no longer being sold at the time," Chebyshev advised.


Although Google patched the security holes between 2012 and 2014, security updates to older devices are being rolled out slowly by vendors, and some devices have missed out on updates completely because manufacturers have stopped supporting them, allowing them to be targeted by criminals.

Main image credit: CyberHades on Flickr
