Forget Stagefright, Android is even more unsecure than we thought

Just when we thought Stagefright was the boss among malwares on the Android platform, another new trend raises it’s ugly head to compound the many woes Android users are facing. Funny enough, this new trend is something most of us come across, but ignore all the time. This article from Arstechnica has thankfully brought this to light.

Android

You see, there are even more vulnerabilities on Android, far more than we thought or expected. In research by a group of scientists, they discovered that some exploits—which developers legitimately use to build Android rooting apps — can be easily reverse-engineered and fused into malware apps that bypass Android security systems (or Antivirus apps) undetected.

In simpler terms, apps like Root Genius, 360 Root, IRoot, and King Root etc, we all use to root our phones. The exploits they use can be reversed and fused into any other apps, which can cause damage to you phone, undetected. The scientists behind this were able to reverse-engineer a total of 167 exploits in less than month of research.

These scientists combined these exploits in one app to see what would happen, and funny enough no antivirus app was able to detect any of them. The one that did, found only 13 of the 167. Crazy right ?! This goes to tell us how useless antivirus apps are on Android. One of the researchers wrote:

“It is disappointing to see that no packed exploit is detected by any antivirus software,”

We can now see that rooting your device acts as a double-edged sword. You don’t root, you have Stagefright to contend with. You decide to root, and there’s a whole world of malware waiting for you.

11 comments

    1. how exactly does Google come in here?
      the devices Google are responsible for come with unlocked or easily unlocked bootloaders, you wouldn’t need any of these apps to root a Nexus device

    2. Google leaves it up to the manufacturers to patch the holes. Even then I doubt they will take direct responsibility for the Nexus devices

    3. they are responsible for security patches for Nexus & Android One devices. that’s not even the point, the reason why apps like these have traction is because OEMs and carriers keep locking bootloaders. it’s not that there are exploits, it’s that developers are using the exploits to bypass locked bootloaders

    4. Google produces the raw OS Na… So isn’t stage fright et all supposed to be their fault.. Cos if its OEM fault then it isn’t supposed to be an across platform problem

  1. Never had any confidence in most of the Anti-virus Apps flying about,seems all they do is try and scare you into downloading and installing one or the other of their useless stuffs just to generate adverts..

  2. I still believe so much of the viral treat is a scare tactics on the part of these Anti-virus companies,can’t remember the amount of times one virus attack warning or the other pops in my face with one funny sounding name or the other warning of dire consequences if I fail to install the so called Anti-virus Apps..

  3. Nothing do my phone!! Odeshi.. Well except for an invisible hand/app sending text to invisible number, but dealt with it with simple app permissions, think the culprit was xender

Have Your Say

Your email address will not be published. Required fields are marked *

Discussions are moderated for civility