Over 3 Million Android Devices Vulnerable With Pre-Installed Dangerous Rootkit

Nearly 3 million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, giving them complete control over the device. The issue stems from an insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices, including the BLU Studio G from US-based Best Buy.

This vulnerable OTA mechanism, which is associated with Chinese mobile firm Ragentek Group, contains a hidden binary, residing at /system/bin/debugs, that runs with root privileges and communicates over unencrypted channels with three hosts. The vulnerability could allow a remote attacker to extract personal information from an affected device, and could even make it possible to gain access to other systems on a corporate network and steal sensitive data.

The vulnerability has been found in multiple smartphone handsets from BLU Products, along with over a dozen devices from other vendors. The list of affected Android handsets includes:

  1. BLU Studio G
  2. BLU Studio G Plus
  3. BLU Studio 6.0 HD
  4. BLU Studio X
  5. BLU Studio X Plus
  6. BLU Studio C HD
  7. Infinix Hot X507
  8. Infinix Hot 2 X510
  9. Infinix Zero X506
  10. Infinix Zero 2 X509
  11. DOOGEE Voyager 2 DG310
  12. LEAGOO Lead 5
  13. LEAGOO Lead 6
  14. LEAGOO Lead 3i
  15. LEAGOO Lead 2S
  16. LEAGOO Alfa 6
  17. IKU Colorful K45i
  18. Beeline Pro 2
  19. XOLO Cube 5.0

According to the researchers, this privileged binary not only exposes user-specific information to MITM attackers but also acts as a rootkit, potentially allowing attackers to remotely execute arbitrary commands on affected devices as a privileged user.
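For administrators triaging a device fleet, the check below is an added example, not code from the researchers or the vendors. It uses only the /system/bin/debugs path and the handset list given above; the probe command, the triage labels and the assumption that the inventory records the marketing names are illustrative.

```python
import re
import subprocess

DEBUGS_PATH = "/system/bin/debugs"  # path given in the article
# Handset names as listed in the article (marketing names, not build properties).
AFFECTED = [
    "BLU Studio G", "BLU Studio G Plus", "BLU Studio 6.0 HD", "BLU Studio X",
    "BLU Studio X Plus", "BLU Studio C HD", "Infinix Hot X507",
    "Infinix Hot 2 X510", "Infinix Zero X506", "Infinix Zero 2 X509",
    "DOOGEE Voyager 2 DG310", "LEAGOO Lead 5", "LEAGOO Lead 6",
    "LEAGOO Lead 3i", "LEAGOO Lead 2S", "LEAGOO Alfa 6",
    "IKU Colorful K45i", "Beeline Pro 2", "XOLO Cube 5.0",
]

def _norm(name):
    """Case- and punctuation-insensitive key for comparing inventory names."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

_AFFECTED_KEYS = {_norm(n) for n in AFFECTED}

def probe_device(serial):
    """Ask one adb-connected device whether the binary exists.
    The answer is echoed as a marker because older adb versions do not
    pass the remote exit status back to the host."""
    cmd = ["adb", "-s", serial, "shell",
           f"[ -e {DEBUGS_PATH} ] && echo PRESENT || echo ABSENT"]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=30).stdout

def classify(model, probe_output):
    """Return a triage label from an inventory name and raw probe output."""
    lines = [l.strip() for l in probe_output.splitlines()]  # adb may emit \r\n
    if "PRESENT" in lines:
        return "binary-present"  # flag regardless of model name
    listed = _norm(model) in _AFFECTED_KEYS
    if "ABSENT" in lines:
        return "listed-model-binary-absent" if listed else "not-flagged"
    # No marker at all: device offline, unauthorized, or shell error.
    return "listed-model-unverified" if listed else "probe-failed"

# Constructed sample inventory: (inventory name, captured probe output).
SAMPLE = [("BLU Studio G", "PRESENT\r\n"), ("blu studio x plus", "ABSENT\n"),
          ("Example Phone 1", "ABSENT\n"), ("LEAGOO Lead 5", "")]

if __name__ == "__main__":
    for model, output in SAMPLE:
        print(f"{model:20} {classify(model, output)}")
```

A device that reports the binary is flagged even when its name is not on the list, since the article notes the affected set extends beyond the handsets it names.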


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
