A new vulnerability, called TowelRoot, just released for the Linux kernel through version 3.14.5 and it can affect Android 4.4 mobile devices, researchers said.
The vulnerability, CVE-2014-3153, affects version 3.14.5 of the Linux kernel and resides in the futex subsystem, said researchers at Lacoon Mobile Security. They call it TowelRoot because of a new tool designed to help users root their Android phones.
TowelRoot affects Android 4.4 mobile devices and is extremely prevalent on the Android-based devices on the market, including in the Samsung Galaxy S5, said Ohad Bobrov, vice president of research and development with Lacoon Mobile Security.
“This security vulnerability, when exploited, can allow any app to escalate its privileges to root (administrator) privileges,” Bobrov said in a blog post. “This would allow an attacker to bypass the Android security model and run malicious code under administrator privileges; retrieve various files and sensitive information from the device; bypass enterprise data protection applications including secure containers, wrappers and hardened apps; [and] insert a persistent backdoor on the device to be later used for further attack activities.”
The TowelRoot tool released a few days ago on the Internet. It uses the vulnerability to root many of the mobile devices in the market, such as the LG G Flex and the Samsung Galaxy Note 3. The app ended up created by white hat hacker George Hotz, aka ‘Geohot’, who has hacked Apple iOS devices.
“This tool is being widely publicized and is easily available for use without the need for technical know-how,” Bobrov said. “Right now this vulnerability is only used by the rooting tool and has yet to show up in any malicious sample. Learning from the past, we can assume that it is only a matter of time until exploits for this vulnerability are distributed through other channels.”
To mitigate the threat, he said organizations should only install applications from reputable sources to limit the likelihood of downloading a malicious application that takes advantage of the vulnerability. In addition, he suggested users not to open suspicious or unknown links sent to the device, and do not root it.