Android rooting bug opens Nexus phones to “permanent device compromise”
Millions of Android phones, including the entire line of Nexus models, are vulnerable to attacks that can execute malicious code and take control of core functions almost permanently, Google officials have warned.
The officials have already uncovered one unidentified Google Play app that attempted to exploit the vulnerability, although they said they didn’t consider the app to be doing so for malicious purposes. They are in the process of releasing a fix, but at the moment any phone that hasn’t received a security patch level of March 18 or later is vulnerable. The flaw, which allows apps to gain nearly unfettered “root” access that bypasses the entire Android security model, has its origins in an elevation of privileges vulnerability in the Linux kernel. Linux developers fixed it in April 2014 but never identified it as a security threat. For reasons that aren’t clear, Android developers failed to patch it even after the flaw received the vulnerability identifier CVE-2015-1805 in February 2015.
“An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel,” an Android security advisory published Friday stated. “This issue is rated as a critical severity due to the possibility of a local permanent device compromise and the device would possibly need to be repaired by re-flashing the operating system.”