• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

DroidViews

  • Apps
  • Downloads
    • Android Apps
    • Themes
  • Guides
    • Root
  • ROMs
  • Reviews
  • Wallpapers
  • About Us
  • Contact Us

IBM Finds a New Security Vulnerability in Android

Mohammad Shahebaz | 11 Aug 2015 | Android News

This summer has been a very bad season for the Android mobile operating system. After 980 million user scare generated by Stagefright, now IBM released a new possibility of security risk, high-severity security vulnerability which can impact 55% of the Android user base.

IBM’s X-Force Application Security Research Team stated,

“In a nutshell, advanced attackers could exploit this arbitrary code execution vulnerability to give a malicious app with no privileges the ability to become a ‘super app’ and help the cyber criminals own the device,”

“In addition to this Android serialisation vulnerability, the team also found several vulnerable third-party Android SDKs which can help attackers own apps.”

What this means is, for the users who are fond of rooting their devices and who take no measure of thought when downloading .apk’s from 3rd party websites, their devices are at a huge risk of contracting this vulnerability.

IBM has classified this security leak as, CVE-2015-3825 which is in the core programming code of the Android OS. Thus, this puts risk on any device which runs every version from Jellybean to Android M, conveniently putting a full load of 55 percent of devices at risk. IBM also added that,

“The single vulnerable class that we found in the Android platform, OpenSSLX509Certificate, was enough to take over the device using our attack technique,”

The most dreaded fact of this risk is that this vulnerability can be exploited by malware at communicational midway stream between apps and services, as this time period in the process is where the binary information is coded and decoded. Malware can apparently inject malicious code in this time period and allow that innocent looking alarm clock to function as a super app, giving the hacker, full control over your device.

IBM has gone out of their way and released a video, explaining how hackers can mess with your device, in a video documentary called, “One Class To Rule Them All”

https://www.youtube.com/watch?v=VekzwVdwqIY

So what do you think of these loop-holes in our devices? Throw some light on that in the comments below.

Read Next: Free Up Space on Android Internal Storage with a VM Tweak

Tags: Security Vulnerability

Related Posts

google photos

Share Feature of Google Photos: A Privacy Concern?

android security patch

What are Android Security Patches? Should We Care About Them?

Keep Your Android Safe Hackers

How to Keep Your Android Safe from Hackers

Reader Interactions

Join The Discussion: Cancel reply

We never share our visitor/user details. For more info, Please read our privacy policy before submitting your comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Footer

  • Apps
  • Downloads
    • Android Apps
    • Themes
  • Guides
    • Root
  • ROMs
  • Reviews
  • Wallpapers
  • About Us
  • Contact Us

Privacy Policy | Terms & Conditions
© 2025 · DroidViews