APRIL 11, 2014
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
The Old with the New: Data Breaches May Lead to Phone Phishing

Security for Home Users
Newly Discovered Android Bug “Bricks” Devices

Security for Business
Windows XP Is Dead: How Do Enterprises Move On?

Security for Home Users

Newly Discovered Android Bug “Bricks” Devices

To avoid hassle, prevention is key. At the end of the day, we are all responsible for our own devices.”

As the most popular mobile platform these days, it’s not surprising that a lot of people are poking at the Android™ code, checking for weaknesses and bugs. It’s a good thing then that the good guys found this particular device-bricking bug before the bad guys did. Read on to find out more about this pesky bug that, if exploited, could cause a lot of problems for Android owners.

The Bug

Based on Trend Micro analysis, we discovered that the bug affects multiple important services that run in the Android platform’s background. If the bug is exploited while using any of the affected services via a malicious app, that service will crash and force the entire mobile device to reboot.

The affected services include:

  • WindowManager: Handles how windows are displayed onscreen.

  • PackageManager: Handles how apps run on the device.

  • ActivityManager: Handles the apps running in the background.

While all that doesn’t sound that bad—the crash may stop what you’re currently doing while not exactly hurting your phone. But we discovered that cybercriminals can exploit this bug to trap a mobile device into an endless loop of reboots, rendering it useless. All they need to do is make sure the app that triggers the bug runs the moment the phone is turned on. So, every time you turn your mobile device on, the app executes, the bug is triggered, the service crashes, and your phone is forced to reboot. This goes on and on.

The potential of exploiting this bug is limited but we believe it can be used to mask man-in-the-middle (MiTM) attacks. It may, for instance, be used to crash an active app and instead open a maliciously coded clone, which you may have unknowingly installed, in its place.

The Solution

All hope’s not lost though. The reboot loop can be stopped by doing a hard factory device reset and deleting the malicious app, thus preventing it from running at startup. The downside? Everything you’ve downloaded (apps), stored (photos, media files, contacts) will be deleted.

You can also use Android Debug Bridge, a command line tool that allows you to communicate with your PC-connected device. We only recommend this to the most technically savvy users and/or developers because this means tinkering with what makes the Android OS work.

But if you’d rather avoid the hassle, prevention is key. Never download apps from third-party stores; always download from Google Play. Google has been notified of this bug but we are all responsible for our own devices.

Copyright ©2014 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.