Samsung Galaxy S5 and other popular phones vulnerable to “TowelRoot” Android exploit
avast! Mobile Security protects from an Android flaw which leaves nearly all new smartphones and tablets vulnerable to attack.
Last week, a wave of articles about a newly discovered Android security flaw flooded the Internet. They sounded a warning, similar to this:
“A flaw in the Android operating system may leave many Android phones and tablets vulnerable to attack, including the Samsung Galaxy S5 and Google's own Nexus 5,” reported Jill Scharr in a Tom’s Guide article.
Our Virus Lab did not waste time and started preparing for the inevitable attacks. AVAST researchers dug into the subject looking for malware to make sure that avast! Mobile Security is ready to protect our users. If you are an avast! user and your tablet or smartphone is protected by avast! Mobile Security, you are protected.
“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications," explained Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.”
Android has not made an official statement on the security flaw, however our researchers confirm that even the latest versions of the operating system are exposed (version 4 and all higher). It is very likely that versions 3.0 can be attacked, too. For those who just purchased an Android device or don’t have protection yet, we strongly recommend that you install avast! Mobile Security, before taking any further actions. Despite the fact that some of the mobile providers claim that their devices are immune to this particular Android exploit, it is highly risky to leave your device unprotected.
What is the TowelRoot Android vulnerability?
Earlier this month a security flaw in Linux, the operating system which Android is based upon, was discovered by a young hacker known as “Pinkie Pie.” Soon afterwards, a gifted teenager, notable because he was the first to unlock the unlockable - an iPhone at the age of 17, prepared a tool kit for potential hackers. Its instructions are available publicly to “purchase,” allowing even less advanced programmers to write a script that will use the exploit.
The potential exists for hackers to take full control; to simply root your device. So far the AVAST Virus Lab has not observed any massive attack, however knowing about the potential risk, our Virus Lab is ready for the attack. avast! Mobile Security is capable of discovering different variations of malware code required to exploit the bug.
Who is exposed and how to protect yourself?
Basically everyone who owns an Android device without proper antivirus protection, tablet or mobile phone, with any version of Android OS, including the newest one is at risk for malware.
In order to prevent this exploit, or any other malware attack, once you purchase your device, we advise to install antivirus first, before installing any apps, importing contacts, or starting to browse online. Our avast! Free Mobile security, as well as its Premium version are available to download and install from Google Play.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.