New Threat to Android Phones
Android Installer Hijacking bug: Half of Android users exposed to cyber attacks via installation vulnerability
The security firm Palo Alto Networks announced that it discovered a “Time-of-Check to Time-of-Use” vulnerability in Google’s Android operating system last year. This year it disclosed an attack that exploits that vulnerability and named it “Android Installer Hijacking”. Researchers found that nearly half of Android devices are exposed to attacks through this vulnerability: Android versions 4.3 and older are affected, while version 4.4 and above are not.
This vulnerability can allow cybercriminals to replace or modify a legitimate app with a malicious version while the user is installing it. Apps are downloaded for installation as Android application packages (APK files). Through these malicious versions, attackers can steal sensitive data such as usernames and passwords. The vulnerability only affects apps downloaded from third-party app stores, or installed after the user clicks on an app promotion advertisement served by a mobile advertising library. Apps downloaded from the official Google Play store are not affected, because they are downloaded into a protected space, while third-party apps are downloaded into an unprotected space.
The attackers strike while the system application PackageInstaller is installing the APK file. At the beginning of the installation process, the user has to confirm that they really want to install the app and approve its permissions, such as network access or access to the database. This step is the “time of check”. On affected systems, the attackers can modify or replace the app package without the user’s knowledge while the user is reviewing this permission information. At the “time of use”, when the user clicks “Install”, PackageInstaller actually installs a completely different app with an entirely different set of permissions. Once the attackers gain control of the device, they can install whatever other malware they need.
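A small simulation of the check-then-install race described above, next to the mitigation the article attributes to Android 4.4 and the Play Store (staging the package in a protected space before showing permissions). This is added example code, not Palo Alto Networks' scanner or Android's PackageInstaller; its JSON "APK" files, directories and function names are constructed stand-ins.

```python
import hashlib, json, os, shutil, tempfile
from pathlib import Path

# Constructed stand-in for an APK: a JSON file holding a name and a permission list.
def read_manifest(path):
    return json.loads(Path(path).read_text())

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def vulnerable_install(apk_path, approve, while_user_reads):
    """Time of check: show permissions read from the shared download path.
    Time of use: install whatever is at that same path once the user taps Install."""
    shown = read_manifest(apk_path)
    if not approve(shown):
        return None
    while_user_reads()               # dialog is open; the shared path is still writable
    return read_manifest(apk_path)   # may no longer be the package that was approved

def hardened_install(apk_path, approve, while_user_reads):
    """Stage the APK in a private directory first (as Android 4.4+ and the Play
    Store do), pin its hash, and install only that copy if it is unchanged."""
    private_dir = tempfile.mkdtemp(prefix="installer-private-")
    try:
        staged = os.path.join(private_dir, "staged.apk")
        shutil.copyfile(apk_path, staged)
        os.chmod(staged, 0o600)          # only the installer can touch the staged copy
        pinned = sha256_of(staged)
        if not approve(read_manifest(staged)):
            return None
        while_user_reads()
        if sha256_of(staged) != pinned:
            raise RuntimeError("package changed after approval; refusing to install")
        return read_manifest(staged)
    finally:
        shutil.rmtree(private_dir)

def demo():
    """Constructed scenario: approve a benign 'game', then overwrite the shared file with a package asking for far more permissions."""
    benign = {"name": "game", "permissions": ["INTERNET"]}
    hostile = {"name": "stealer", "permissions": ["INTERNET", "READ_SMS", "READ_CONTACTS"]}
    shared_dir = tempfile.mkdtemp(prefix="downloads-")   # stands in for world-writable storage
    apk = Path(shared_dir) / "game.apk"
    write = lambda pkg: apk.write_text(json.dumps(pkg))
    results = {}
    for label, install in (("vulnerable", vulnerable_install), ("hardened", hardened_install)):
        write(benign)
        results[label] = install(apk, lambda m: m["name"] == "game", lambda: write(hostile))["name"]
    shutil.rmtree(shared_dir)
    return results
```

The vulnerable path installs the swapped-in package, while the hardened path installs only the staged copy it showed to the user.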
Palo Alto Networks has released an Installer Vulnerability Scanner app so that users can check whether their device is a potential target for this threat. The user can download the scanner app here and test the phone with it. To guard against possible future threats, download apps from trusted sources only and install all updates published by your device manufacturer.