A two-year-old bug in the Android kernel could give cybercriminals root access

It seems that Google's work to protect Android users is never-ending. The search company, owner of the most widely used mobile operating system on the planet, warns that a malicious user can gain superuser access from an application that takes advantage of a security flaw discovered no less than two years ago. The bug is in the Linux kernel, on which Android is built.

The security problem has been known since April 2014, although at that time it was not labeled a "vulnerability". In February 2015 it was discovered that this kernel bug had security implications, at which point it was given an identifier (CVE-2015-1805). In addition, the problem did not exist until the software was adapted to Android, another reason why it had not been given much importance until just over a year ago.

The story comes from afar

Last month, the CoRE Team discovered that this vulnerability could be exploited by attackers to gain root access to a device. An attacker with root access to a device has superuser access, which is even greater control than the owner of the device or third-party applications have. By exploiting this vulnerability, the cybercriminal could access and/or modify any file in the operating system, which does not sound good at all.

CoRE Team notified Google of the existence of the exploit, and the search giant got to work on a patch that was to be included in a future security update. But there was not enough time to fix it: Zimperium, the security team that discovered Stagefright, told Google that the exploit was already present on the Nexus 5, having arrived through an application from the Play Store that has since been blocked.

Google can block apps that try to get root access to the device, but there is no telling how long the malicious application has been doing its thing. In a security statement, Google said that "Google has confirmed the existence of a publicly available root-accessing application that used this vulnerability on the Nexus 5 and Nexus 6 to provide superuser privileges on the user's device".

Google has rated the severity of this problem as "Critical", but the application in question was not considered malicious. Moreover, the Critical severity rating means that other attackers could use the same exploit to spread malware.

A patch is on the way

Google has already released patches to fix this security problem in the Android Open Source Project (AOSP) for versions 3.4, 3.10 and 3.14 of the Android kernel. Versions with kernel 3.18 and higher are not vulnerable to this flaw. The patches will be included in the April security update for Nexus devices, which is good news for users who own a Nexus, but other users will have to wait for their device's manufacturer to release its own update, which can take days, weeks or months.

How to protect yourself

As in many other cases, common sense is the best antivirus. The best thing to do is to always download applications from official stores. In the case of applications downloaded from Google Play, if there is a dangerous application, it is blocked by Google itself, so it could not make use of the exploit and we would be totally safe. If we have to install an application from outside Google Play, it is worth enabling app verification in the phone settings. Some devices also have an option that scans the system for threats, something that can affect the performance of the device, but it can be worth it.

To find out whether a device has received the security patch that corrects this problem, open the security patch section in the phone's settings. If the latest update says April 1 or later, there will be no problem. If not, be very careful what you do.
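The two checks given above (kernel older than 3.18, patch level of April 1 or later) can be scripted for more than one device. This is an added example, not from the original article; it assumes the patch level is read from the Android property `ro.build.version.security_patch`, the kernel release from `uname -r`, and that "April 1" means 2016-04-01 based on the article's dates. The sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the article): triage a device for CVE-2015-1805
# using only the two checks the article gives.
# Assumption: "April 1" is read as 2016-04-01 from the article's timeline.
PATCH_THRESHOLD=20160401

# kernel_in_scope RELEASE: 0 = older than 3.18, 1 = 3.18 or newer, 2 = unparseable
kernel_in_scope() {
    ver=${1%%[!0-9.]*}                 # "3.10.73-g1a2b3c" -> "3.10.73"
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 18 ]; }
}

# assess PATCH_LEVEL KERNEL_RELEASE: prints NOT_AFFECTED, PATCHED, EXPOSED or UNKNOWN
assess() {
    k=0; kernel_in_scope "$2" || k=$?
    case "$k" in
        1) echo NOT_AFFECTED; return 0 ;;   # article: 3.18 and higher not vulnerable
        2) echo UNKNOWN; return 0 ;;        # kernel release could not be parsed
    esac
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;        # property empty or malformed
    esac
    level=$(printf '%s' "$1" | tr -d '-')   # 2016-04-01 -> 20160401
    if [ "$level" -ge "$PATCH_THRESHOLD" ]; then echo PATCHED; else echo EXPOSED; fi
}

# On a connected device the inputs would come from (tr strips adb's CR):
#   assess "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')" \
#          "$(adb shell uname -r | tr -d '\r')"
# Constructed sample values, so the script runs offline:
for sample in "2016-04-01 3.10.73-g1a2b3c" "2016-03-01 3.4.0-perf" \
              "2015-11-01 3.18.20" "none 3.10.40"; do
    set -- $sample
    printf '%-12s %-18s %s\n' "$1" "$2" "$(assess "$1" "$2")"
done
```

An `UNKNOWN` result means the device did not report a usable patch level or kernel release and needs to be checked by hand.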
