Over 3 Million Android Devices Vulnerable With Pre-Installed Dangerous Rootkit


Nearly 3 million Android devices worldwide are exposed to man-in-the-middle (MITM) attacks that could let an attacker remotely execute arbitrary code with root privileges, which amounts to complete control of the device. The cause is an insecurely implemented OTA (over-the-air) update mechanism shipped on certain low-cost Android devices, including the BLU Studio G sold in the US through Best Buy.

The OTA mechanism, associated with the Chinese mobile firm Ragentek Group, contains a hidden binary, located at /system/bin/debugs, that runs with root privileges and communicates with three hosts over unencrypted channels. Because that channel is neither encrypted nor authenticated, anyone positioned on the network path can impersonate those hosts and supply the commands the binary then runs as root. A remote attacker could use this to extract personal information from an affected device, and a compromised handset on a corporate network could also serve as a foothold for reaching other systems and stealing sensitive data.

The vulnerability has been found in multiple smartphone handsets from BLU Products, along with over a dozen devices from other vendors. The list of affected Android handsets includes:

  1. BLU Studio G
  2. BLU Studio G Plus
  3. BLU Studio 6.0 HD
  4. BLU Studio X
  5. BLU Studio X Plus
  6. BLU Studio C HD
  7. Infinix Hot X507
  8. Infinix Hot 2 X510
  9. Infinix Zero X506
  10. Infinix Zero 2 X509
  11. DOOGEE Voyager 2 DG310
  12. LEAGOO Lead 5
  13. LEAGOO Lead 6
  14. LEAGOO Lead 3i
  15. LEAGOO Lead 2S
  16. LEAGOO Alfa 6
  17. IKU Colorful K45i
  18. Beeline Pro 2
  19. XOLO Cube 5.0

According to the researchers, this privileged binary not only exposes user-specific information to MITM attackers but also behaves like a rootkit: it runs as root, is hidden from the user, and lets a remote attacker execute arbitrary commands on affected devices as a privileged user.
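To make the flaw concrete, here is an added example (not code from the article or from the affected firmware) contrasting an update client that trusts whatever its plaintext check-in returns with one that verifies the reply before acting on it. All names, keys, nonces and the JSON layout are assumptions for the demo; HMAC-SHA256 from the standard library stands in for the vendor-signed manifest a real OTA client would verify, and commands are returned rather than executed.

```python
import hashlib
import hmac
import json

# Constructed values for the demo. A real device would receive its
# verification key at provisioning time and track its own firmware version.
DEVICE_UPDATE_KEY = b"example-per-device-key-not-real"   # assumption, not a real key
CURRENT_FIRMWARE_VERSION = 12                             # assumption
NONCE = "c0ffee01"                                        # constructed; device picks one per check-in

# The four fields a manifest is allowed to carry. Anything else (for example a
# free-form "cmd" field) is rejected before it can reach a shell.
ALLOWED_FIELDS = {"nonce", "version", "url", "sha256"}


def build_signed_response(manifest: dict, key: bytes) -> bytes:
    """Server side: serialise the manifest and attach a MAC over the exact bytes sent."""
    body = json.dumps(manifest, sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"manifest": body.decode(), "mac": mac}).encode()


def insecure_client(response: bytes) -> str:
    """Mirrors the weakness described above: the reply arrives over plaintext,
    is parsed as-is, and its 'cmd' field would be handed to a root shell.
    For safety this returns the command instead of running it."""
    manifest = json.loads(response)
    return manifest["cmd"]


def hardened_client(response: bytes, key: bytes, nonce: str, current_version: int):
    """Verify before trusting. Returns the manifest dict on success, None on any failure."""
    try:
        envelope = json.loads(response)
        body = envelope["manifest"].encode()
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison; a forged or modified body fails here.
        if not hmac.compare_digest(expected, envelope["mac"]):
            return None
        manifest = json.loads(body)
    except (KeyError, ValueError, TypeError, AttributeError):
        return None
    if not isinstance(manifest, dict) or set(manifest) != ALLOWED_FIELDS:
        return None  # unexpected or extra fields, e.g. an injected "cmd"
    if manifest["nonce"] != nonce:
        return None  # replay of an old reply captured from another check-in
    if not isinstance(manifest["version"], int) or manifest["version"] <= current_version:
        return None  # rollback to an older (possibly vulnerable) image
    return manifest


# Constructed sample traffic.
LEGIT_MANIFEST = {
    "nonce": NONCE,
    "version": 13,
    "url": "https://updates.example/fw-13.zip",   # assumption
    "sha256": "0" * 64,                            # placeholder digest
}
LEGIT_RESPONSE = build_signed_response(LEGIT_MANIFEST, DEVICE_UPDATE_KEY)

# What an on-path attacker substitutes for the real reply on the plaintext channel.
MITM_PLAINTEXT = json.dumps({"cmd": "id"}).encode()

# The same attacker trying against the hardened client: right shape, wrong key.
MITM_FORGED = build_signed_response(
    {"nonce": NONCE, "version": 13, "cmd": "id", "sha256": "0" * 64},
    b"attacker-chosen-key",
)


def demo():
    """Run both clients against the constructed traffic and report what each would do."""
    return {
        "insecure_runs": insecure_client(MITM_PLAINTEXT),
        "hardened_accepts_legit": hardened_client(
            LEGIT_RESPONSE, DEVICE_UPDATE_KEY, NONCE, CURRENT_FIRMWARE_VERSION) is not None,
        "hardened_accepts_forged": hardened_client(
            MITM_FORGED, DEVICE_UPDATE_KEY, NONCE, CURRENT_FIRMWARE_VERSION) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The shared-key MAC is only a stand-in: a real OTA path should carry the manifest over TLS to a pinned server and verify an asymmetric vendor signature on both the manifest and the package, so that a key extracted from one handset cannot be used to forge updates for every other one. The nonce and version checks are the part most often forgotten, and they are what stop an attacker who merely records and replays a genuine old reply.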


William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
