Android Vulnerability Affects 2.8 Million Devices

A new Android vulnerability, estimated to impact 2.8 million devices worldwide at its peak, has been uncovered by security ratings firm BitSight.

The vulnerability, which affects devices out of the box, involves Android devices (including BLU Studio G from Best Buy) and an over-the-air (OTA) update mechanism associated with the software company, Ragentek Group, in China. Certain mobile phones are this vulnerable to man-in-the-middle attacks, allowing adversaries to execute arbitrary commands as a privileged user—such as extracting information or remotely wiping the device—and making it possible to gain access to other systems on a corporate network and steal sensitive information.

Many of these devices sit unknowingly on enterprise corporate networks.

According to BitSight, transactions from the binary to the third-party endpoint occur over an unencrypted channel, which not only exposes user-specific information during these communications, but would allow an adversary to issue commands supported by the protocol. One of these commands allows for the execution of system commands.

“This OTA binary was distributed with a set of domains preconfigured in the software,” the company said. “Only one of these domains was registered at the time of the discovery of this issue. If an adversary had noticed this, and registered these two domains, they would’ve instantly had access to perform arbitrary attacks on almost 3,000,000 devices without the need to perform a man-in-the-middle attack.”

BitSight’s AnubisNetworks now controls these two extraneous domains to prevent such an attack from occurring in the future, it said.

Still, the impact is significant. “We have observed over 2.8 million distinct devices, across roughly 55 reported device models, which have checked into our sinkholes since we registered the extraneous domains,” the company said. “In some cases, we have not been [able] to translate the provided device model into a reference to the real-world device. Thus, there could be additional device models affected.”

Android Vulnerability Affects 2.8 Million Devices

Tara Seals

You may also like

AgentTesla Remains Most Prolific Malware in November, Emotet and Qbot Grow

New SLP Vulnerability Could Enable Massive DDoS Attacks

New Research Claims Biden's Disclosure Deadlines Are Unrealistic

Cyber-Attack on Financial Apps

Necurs Botnets Busted

What’s hot on Infosecurity Magazine?

CISA Urges Immediate Credential Reset After Sisense Breach

Police Swoop on €645m Cannabis Investment Fraud Gang

How to Backup and Restore Database in SQL Server

Top 10 Cyber-Attacks of 2023

How to Open and View OST Files Without Outlook

New Android Espionage Campaign Spotted in India and Pakistan

Why Identity Management is Key in a Cyber Resilience Strategy

US Data Breach Reports Surge 90% Annually in Q1

Banning Ransomware Payments Will Do More Harm Than Good

Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

Famous YouTube Channels Hacked to Distribute Infostealers

Hackers Use Malware to Hunt Software Vulnerabilities

Humans and Machines: Why Strong Identity Security Needs Device Verification and Better User Experience

Beyond Passwords: Securing the Digital Age with MFA, 2FA, and Passwordless Authentication

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Bouncing Back: Building Organizational Resilience in the Face of Cyber-Attack

Understand and Combat the Top Healthcare Cloud Threats Today

Phishing, Impersonation, and Beyond: CISO Insights on 2023-2024 External Threats

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024

Android Vulnerability Affects 2.8 Million Devices

Written by

You may also like

What’s hot on Infosecurity Magazine?