Nearly 3 million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, giving them complete control of the device. The issue stems from an insecure implementation of the over-the-air (OTA) update mechanism used by certain low-cost Android devices, including the BLU Studio G sold by US-based Best Buy.
The vulnerable OTA mechanism, associated with Chinese mobile firm Ragentek Group, contains a hidden binary, installed as /system/bin/debugs, that runs with root privileges and communicates with three hosts over unencrypted channels. The flaw could allow a remote attacker to extract personal information from an affected device, and could even serve as a foothold for reaching other systems on a corporate network and stealing sensitive data.
The vulnerability has been found in multiple smartphone handsets from BLU Products, along with over a dozen devices from other vendors. The list of affected Android handsets includes:
- BLU Studio G
- BLU Studio G Plus
- BLU Studio 6.0 HD
- BLU Studio X
- BLU Studio X Plus
- BLU Studio C HD
- Infinix Hot X507
- Infinix Hot 2 X510
- Infinix Zero X506
- Infinix Zero 2 X509
- DOOGEE Voyager 2 DG310
- LEAGOO Lead 5
- LEAGOO Lead 6
- LEAGOO Lead 3i
- LEAGOO Lead 2S
- LEAGOO Alfa 6
- IKU Colorful K45i
- Beeline Pro 2
- XOLO Cube 5.0
According to the researchers, this privileged binary not only exposes user-specific information to MITM attackers but also acts as a rootkit, potentially allowing attackers to remotely execute arbitrary commands on affected devices as a privileged user.