
Code in some Android phones acts like dangerous rootkit

Software code from Chinese mobile firm Ragentek Group, found in certain Android devices, contains a hidden binary that acts like a rootkit, potentially allowing remote unauthenticated attackers to perform man-in-the-middle attacks and execute arbitrary commands, the CERT division of Carnegie Mellon University's Software Engineering Institute warned on Thursday.

The binary, which resides at /system/bin/debugs, runs with root privileges and performs automatic over-the-air update checks without using an encrypted channel. Moreover, “there are multiple techniques used to hide the execution of this binary,” the CERT vulnerability advisory reported.

The binary communicates with three hosts via HTTP, and server responses to its requests can trigger arbitrary command execution, application installations and configuration updates, the advisory stated. The vulnerability, designated CVE-2016-6564, has been found in devices manufactured by BLU Products, Infinix Mobility, Ragentek, Beeline, Doogee, IKU Mobile, Leagoo and Xolo, and has been confirmed as exploitable on devices from at least the first three of these OEMs.

BLU Products has an update that fixes the problem, the advisory added. Dan Dahlberg, research scientist at BitSight Technologies, and Tiago Pereira, threat intelligence researcher at AnubisNetworks, are credited with reporting the vulnerability.
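
A defender's triage check built from the details above, added here as an example and not taken from the CERT advisory or from any vendor tool. It assumes an unpacked system image (or a copy pulled from a device) with the usual system/bin and system/build.prop layout, and that the ro.product.manufacturer value begins with the OEM name as written in this article; the verdict labels are made up for the example.

```bash
#!/bin/sh
# Added example: triage an unpacked Android system image for CVE-2016-6564.
# Assumptions: the image root holds system/bin and system/build.prop, and
# ro.product.manufacturer starts with the OEM name used in the article.
# Finding the file is an indicator to investigate, not proof of exposure:
# the article notes that BLU Products has shipped a fixing update.

LISTED_OEMS="blu infinix ragentek beeline doogee iku leagoo xolo"
CONFIRMED_OEMS="blu infinix ragentek"   # "at least the first three"

# Print the first word of ro.product.manufacturer, lower-cased.
oem_of() {
  sed -n 's/^ro\.product\.manufacturer=//p' "$1/system/build.prop" 2>/dev/null |
    head -n 1 | tr '[:upper:]' '[:lower:]' | awk '{print $1}'
}

# in_list WORD "space separated list": succeed if WORD is an exact entry.
in_list() {
  case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Print one verdict line for the image rooted at $1.
triage_image() {
  local root="$1" oem has_bin=no
  oem="$(oem_of "$root")"
  [ -f "$root/system/bin/debugs" ] && has_bin=yes
  if [ "$has_bin" = yes ] && in_list "$oem" "$CONFIRMED_OEMS"; then
    echo "HIGH: debugs binary present, OEM confirmed exploitable"
  elif [ "$has_bin" = yes ]; then
    echo "REVIEW: debugs binary present"
  elif in_list "$oem" "$LISTED_OEMS"; then
    echo "CHECK: listed OEM, binary not found in this image"
  else
    echo "OK: no indicator found"
  fi
}

# Usage: ./triage.sh /path/to/unpacked/image
if [ -n "${1:-}" ]; then
  triage_image "$1"
fi
```

A "CHECK" verdict still calls for a look at the running device, because the advisory says the binary uses multiple techniques to hide its execution.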

Bradley Barth
