Android bug can push devices into an endless reboot loop
Posted on 25 March 2014.
A Proof-of-Concept app exploiting a recently discovered Android vulnerability that triggers the continuous rebooting of an affected device was apparently also behind the recent DoS attack on Google Play.

Speculation about the cause of the latter event was started by independent researcher Ibrahim Balic, the creator of the PoC app.

According to Balic, the vulnerability in question can be exploited via apps that have an extremely long value (387,000+ characters) inserted into the "appname" field in strings.xml.

The existence of the flaw has been confirmed by Trend Micro researchers, and has been explained thusly:
Our analysis shows that the first crash is caused by the memory corruption in WindowManager, the interface that apps use to control the placement and appearance of windows on a given screen. Large amounts of data were entered into the Activity label, which is the equivalent of the window title in Windows.

If a cybercriminal builds an app containing a hidden Activity with a large label, the user will have no idea whatsoever that this exploit is in fact taking place. Cybercriminals can further conceal the exploit by setting a timed trigger event that stops the current app activity and then opens the hidden Activity. When the timed event is triggered, the exploit runs, and the system server crashes as a result. This stops all functionality of the mobile device, and the system will be forced to reboot.

An even worse case is when the malware is written to start automatically upon device startup. Doing so will trap the device in a rebooting loop, rendering it useless. In this case, only a boot loader recovery fix will work, which means that all the information (contacts, photos, files, etc.) stored inside the device will be erased.

The flaw apparently affects mobile devices with Android OS versions 4.0 and above.

Balic has reported the vulnerability to Google but, by his own admission, couldn't resist testing whether his PoC app would be recognized as malicious by Google's Bouncer, so he uploaded it to Google Play.

He believes that the app has thrown Bouncer for a loop (figuratively and literally), and was the reason that other developers weren't able to upload their apps to Google Play for a short period of time.
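
For teams that vet apps before allowing them onto managed devices, the oversized label described above can be checked for statically. The following is an added example, not code from Balic, Trend Micro or Google: it assumes the APK has already been decoded to plain-text AndroidManifest.xml and strings.xml (for instance with apktool), and the 10,000-character threshold, the function names and the sample input are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed review threshold: far above any real window title, far below the
# 387,000+ characters reported for the PoC.
MAX_LABEL_CHARS = 10_000
LABELLED_TAGS = ("application", "activity", "activity-alias")

def load_strings(strings_xml):
    """Map string resource names to their text from a decoded strings.xml."""
    root = ET.fromstring(strings_xml)
    return {s.get("name"): "".join(s.itertext()) for s in root.iter("string")}

def resolve_label(raw, strings):
    """Resolve an @string/ reference; literal labels are returned unchanged."""
    if raw.startswith("@string/"):
        return strings.get(raw[len("@string/"):], "")
    return raw

def find_oversized_labels(manifest_xml, strings_xml, limit=MAX_LABEL_CHARS):
    """Return (tag, component name, label length) for labels longer than limit."""
    strings = load_strings(strings_xml)
    findings = []
    for elem in ET.fromstring(manifest_xml).iter():
        raw = elem.get(ANDROID_NS + "label")
        if elem.tag not in LABELLED_TAGS or raw is None:
            continue
        length = len(resolve_label(raw, strings))
        if length > limit:
            findings.append((elem.tag, elem.get(ANDROID_NS + "name", ""), length))
    return findings

# Constructed sample input (not taken from any real app): one normal label and
# one hidden Activity whose label resolves to a 20,000-character string.
SAMPLE_STRINGS = (
    '<resources><string name="app_name">Notes</string>'
    '<string name="hidden_title">' + "A" * 20_000 + "</string></resources>"
)
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:label="@string/app_name">
    <activity android:name=".MainActivity" android:label="@string/app_name"/>
    <activity android:name=".HiddenActivity" android:label="@string/hidden_title"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for tag, name, length in find_oversized_labels(SAMPLE_MANIFEST, SAMPLE_STRINGS):
        print(f"{tag} {name}: label is {length} characters")
```

Because the input comes from untrusted apps, a hardened XML parser is a sensible swap for the standard-library one when running a check like this at scale.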

