Pre-Android 4.1 devices open to malware attack

Vulnerability lets hackers find out which version a device is running and take advantage of its security hole

Kaspersky Lab has revealed mobile devices running Android 4.1 (Jelly Bean) or older are open to attack by a malicious script that seeks to find devices with antiquated security.

The script, which was originally designed to use a Flash vulnerability in Windows machines, has been tweaked to uncover which version of Android a device is running and will then inject it with malicious code that is resisted by newer versions of the operating system.

"The exploitation techniques we've found during our research were nothing new, but borrowed from proof of concepts, previously published by white hat researchers," Victor Chebyshev, security expert at Kaspersky Lab. "This means that vendors of Android devices should account for the fact that the publication of PoCs would inevitably lead to the appearance of 'armed' exploits."

Specifically, the exploit tells the browser to execute malicious code. Two other scripts were also discovered by the researchers. One is able to send an SMS to any number, presumably with the aim of spreading the infection, while the other creates malicious Trojan files on the SD-card of the attacked device, which also allows the interception and triggering of SMS messages.

Advertisement
Advertisement - Article continues below

"Users of these devices deserve to be protected with corresponding security updates, even if the devices are no longer being sold at the time," Chebyshev advised.

Although Google patched the security holes between 2012 and 2014, security updates to older devices are being rolled out slowly by vendors and some have completely missed out on updates because manufacturers have stopped supporting them, allowing them targeted by criminals.

Main image credit: CyberHades on Flickr

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/android/28295/how-to-unroot-android
Google Android

How to unroot Android

14 Jan 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019