Android Security Model Has Challenges

Following the news that Check Point uncovered and announced a new Android vulnerability, Spencer Cobb, VP of Strategy & Business Development at Cyber adAPT commented below

Spencer Cobb, VP of Strategy & Business Development at Cyber adAPT:

Not to be cavalier, security is important! But for Android it’s not unexpected, the os itself has a multitude of well documented security issues, mainly that allow for ‘escalation of privilege attacks’ since the os is not locked down. This prohibits users and isv’s from securing these devices effectively.  Hackers are turning their efforts toward mobile as more and more critical data is stored and transmitted.

This specific hack is unusual as it deals with a chip component inside the device, installed at the manufacturer. Usually hackers are taking advantage of the lack of security around the os, boot loader and permissions of Android.
Anyone using an older version of Android should be concerned about the security of their data on that platform. In general, newer versions of the os have more integrated security features which can be leveraged for protection.

The Android security model has challenges.  With more than 20,000 variants of Android globally distributed by thousands of different OEMs, getting a security fix to the various OEMs can be time consuming and challenging.  This same security challenge can also deter hackers from certain methods of attack (as they have to code for each individual iteration of the OS to be successful). Thus they resort to ‘lazier’ techniques like creating an apk that’s part of a third party (bogus or legit) application which the user must agree to changes in permissions.

The ‘quad threat’ has been patched already. So the imminent threat of a hacker remotely stealing all data or controlling the phone is reduced. But with so many OEMs it will likely take time for the patches to be deployed to all potentially infected phones.

How should people respond to this and in general:
– Check with their phone’s OEM to see if there are patches available for this specific hack.
– Use only Google play or ‘known app stores’..
– Be careful when setting privileges for 3rd party apps
– Use an on-device app scanner
– Use a VPN
– Don’t click on links or files which seem suspicious

How businesses (which care about security) should respond:
If a corporation is deploying or allowing Android devices on its network, we highly recommend:
– Using Samsung devices with Knox, as the OS is locked down.
– If general android is allowed ( which it should NOT), deploy some level of integrity measurement as the device connects to the network.
– Quarantine unprotected devices suspected of compromise until specific patches have been applied to known threats.
– Always use a VPN, preferably IPSec (e.g. Secure Device Management).
– Always interrogate all mobile traffic with threat detection
– Make sure your mobile security solution can quarantine an infected device (not just wipe) so that forensics can be applied.