Millions of Android Devices at Risk of “Permanent Device Compromise” – Hit By Linux Kernel Bug
Due to elevation of privilege vulnerability in the Linux kernel, millions of Android phones are at risk of security attacks. The entire lineup of Nexus and other Android devices are vulnerable to attacks that can take control of core functions almost permanently. Google has now acknowledged the issue and is sending a fix to Nexus devices, and its partners.
Millions of Android users hit by a Linux kernel bug
Google has shipped an out-of-band emergency patch for Android, trying to fix a bug that is under active exploitation to root devices. Rated critical in severity, the vulnerability CVE-2015-1805 affects all Android devices, including Nexus phones, running Linux kernel versions below 3.18. The privilege escalation vulnerability allows apps to execute arbitrary code in the kernel, getting control over hardware and install spyware and malware, among other legit software.
The flaw, which allows apps to gain nearly unfettered “root” access that bypasses the entire Android security model, has its origins in an elevation of privileges vulnerability in the Linux kernel. Linux developers fixed it in April 2014 but never identified it as a security threat,” Goodin reports. “For reasons that aren’t clear, Android developers failed to patch it even after the flaw received the vulnerability identifier CVE-2015-1805 in February 2015. Arstechnica
The only way to fix this serious Android vulnerability that leads to "local permanent device compromise" is to re-flash Android operating system to apply the fix. As we all know how speedy OEMs and carriers are at distributing security patches, there doesn't seem to be a fix coming to millions of users. The only lucky group of people is the Nexus users who receive the OTA updates directly from Google.
Google has already uncovered at least one app that attempted to exploit the vulnerability. However, the officials did not say if the application was malicious or an app helping users root their devices.
Friday’s advisory didn’t identify the app that was exploiting the vulnerability except to say it was publicly available, both within and outside of Play, and worked on Nexus 5 and Nexus 6 phones.
Users should consider the risks before installing a rooting app that exploits the vulnerability. As always, stay away from unknown sources when you have to download any apps. "Google Play does not allow rooting applications, like the one seeking to exploit this issue," security advisory said.
Android devices with a security patch level of March 18 and April 2 are protected against this vulnerability.