CVE-2019-2114: Patched Android Bug That Allows Possible Installation of Malicious Apps

An Android bug that could allow threat actors to bypass devices’ security mechanisms was discovered by Nightwatch Cybersecurity. Successful abuse of the bug can allow threat actors to transfer a malicious application to a nearby Near Field Communication (NFC)-enabled device via the Android Beam. The bug affects Android version 8 (Oreo) or higher.

Google, which tracked the bug as CVE-2019-2114, has already released a fix in its October 2019 security bulletin. Users are advised to update their devices to prevent CVE-2019-2114 from being abused.

[Read: Hundreds of Fake Gambling Apps Spread on iOS App Store and Google Play]

How can CVE-2019-2114 be abused?

NFC allows users to transfer files between devices using the Android Beam file transfer feature from a short distance. Used for apps such as contactless payments, device pairing and access control, among others, users can fall victim to an attack when they touch a malicious payment or access terminal and have their device subsequently touched by a threat actor’s phone. Users’ phones can also be susceptible to an attack when they place their phone on a surface with a terminal hidden within.

The abuse of CVE-2019-2114 is possible because NFC’s default permission can lead to local privilege escalation by installing an application with no additional execution privileges needed. Android devices that has NFC and Android Beam enabled will bypass the “Install unknown apps” check and proceed directly to the install prompt (a one-touch option), which can allow threat actors to trick an unwitting user into installing a malware-ridden app.

Security recommendations

Apart from updating their devices, Android users can protect themselves from potential CVE-2019-2114 abuse by checking the “Install unknown apps” permission under settings. They can also err on the side of caution when they are at a public setting: if an app installation prompt appears on their screens, it would be smart not to approve it.

Malicious schemes targeting Android users are still rampant today. This year, Trend Micro has reported about many Android apps that possess sophisticated malicious capabilities. Users can avoid such threats by downloading apps only from trusted app stores. Users can also benefit from security solutions such as Trend Micro™ Mobile Security for Android™ (also available on Google Play), which blocks malicious apps.

Enterprises, on the other hand, can take advantage of the Trend Micro™ Mobile Security for Enterprise suite, which provides device, compliance and application management, data protection, and configuration provisioning, as well as protects devices from attacks that exploit vulnerabilities, prevents unauthorized access to apps and detects and blocks malware and fraudulent websites. Trend Micro’s Mobile App Reputation Service (MARS) covers Android and iOS threats using leading sandbox and machine learning technologies to protect users against malware, zero-day and known exploits, privacy leaks, and application vulnerability.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.