Pre-Android 4.1 devices open to malware attack

Vulnerability lets hackers find out which version a device is running and take advantage of its security hole

Kaspersky Lab has revealed mobile devices running Android 4.1 (Jelly Bean) or older are open to attack by a malicious script that seeks to find devices with antiquated security.

The script, which was originally designed to use a Flash vulnerability in Windows machines, has been tweaked to uncover which version of Android a device is running and will then inject it with malicious code that is resisted by newer versions of the operating system.

"The exploitation techniques we've found during our research were nothing new, but borrowed from proof of concepts, previously published by white hat researchers," said Victor Chebyshev, security expert at Kaspersky Lab. "This means that vendors of Android devices should account for the fact that the publication of PoCs would inevitably lead to the appearance of 'armed' exploits."

Specifically, the exploit tells the browser to execute malicious code. Two other scripts were also discovered by the researchers. One is able to send an SMS to any number, presumably with the aim of spreading the infection, while the other creates malicious Trojan files on the SD-card of the attacked device, which also allows the interception and triggering of SMS messages.


"Users of these devices deserve to be protected with corresponding security updates, even if the devices are no longer being sold at the time," Chebyshev advised.

Although Google patched the security holes between 2012 and 2014, security updates to older devices are being rolled out slowly by vendors, and some devices have completely missed out on updates because manufacturers have stopped supporting them, allowing them to be targeted by criminals.

Main image credit: CyberHades on Flickr
