Researchers have spotted unusual activity in a malicious script which puts thousands of people using older versions of Android at risk of being hacked.
The script, discovered by security firm Kaspersky Lab, usually activates the download of Flash exploits to attack Windows users. However, at some point it has been changed so that it can check the type of device its victims are using, searching specifically for Android version four and older.
As the experts explain, infecting an Android device is much harder for criminals than infecting a Windows PC, because Windows contains vulnerabilities that allow malicious code to execute itself without any interaction from the user. On Android devices, the installation of any apps must be confirmed by the user first.
But thanks to a vulnerability in older versions of Android, this restriction can be bypassed. Those on older Android phones could download dangerous Trojans from malicious websites without their knowledge, the research found.
Malicious scripts discovered taking advantage of this flaw include one which can create malicious files on the SD card of the attacked device, which acts as a Trojan able to intercept and send SMS messages.
Although the vulnerabilities were patched by Google, the huge number of different devices and versions of Android that exist mean that many remain unpatched. Vendors are often too slow to release the necessary security updates, or don't bother to release them at all because the device is no longer made or the version is considered 'legacy'.
To get an idea of how many devices could be at risk from these and similar exploits, in 2015 there were around 24,093 distinct Android devices out there – a figure that doubled in just two years.
There are around fifteen Android versions out there at the same time, and as of 2015 around 80% of devices were running version four or older, so more than 19,000 devices could be vulnerable to these types of exploits.
'The exploitation techniques we’ve found during our research were nothing new, but borrowed from proof of concepts, previously published by white hat researchers,' said Victor Chebyshev, security expert at Kaspersky Lab. 'This means that vendors of Android devices should account for the fact that the publication of PoCs would inevitably lead to the appearance of 'armed' exploits. Users of these devices deserve to be protected with corresponding security updates, even if the devices are no longer being sold at the time.'
The huge number of different Android operating systems and devices out there is often cited as one of the main reasons Android is so vulnerable to being hacked. But if you or your organisation does use older Android devices, there are a few measures you can take to protect yourself from drive-by attacks.
Kaspersky Lab recommends always keeping Android-based device software up to date by enabling the automatic updates function, and restricting the installation of apps from sources other than Google Play, especially if you’re managing a collection of devices used in corporate networks.
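For anyone managing a collection of devices, one way to find those still running Android four or older is to read the User-Agent strings recorded in web proxy logs. The sketch below is an added example, not code from Kaspersky Lab or the original article; the log format, IP addresses and function name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (client IP, quoted User-Agent); not from the article.
SAMPLE_LOG = """\
10.0.4.17 "Mozilla/5.0 (Linux; U; Android 4.1.2; en-gb; GT-I9300 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"
10.0.4.22 "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36"
10.0.4.31 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36"
10.0.4.40 "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; GT-S5830 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
10.0.4.17 "Mozilla/5.0 (Linux; U; Android 4.1.2; en-gb; GT-I9300 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"
"""

# Assumed log layout: <client-ip> "<user-agent>"
LINE_RE = re.compile(r'^(\S+)\s+"(.*)"$')
# "Android 4.1.2" or "Android/4.1.2": major version plus optional minor parts
ANDROID_RE = re.compile(r"Android[ /](\d+)((?:\.\d+)*)")
# Device model is the last ';'-separated field before " Build/"
MODEL_RE = re.compile(r";\s*([^;)]+?)\s+Build/")


def legacy_android_clients(log_text, max_major=4):
    """Map client IP -> sorted [(android_version, model)] for major <= max_major."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        entry = LINE_RE.match(line.strip())
        if not entry:
            continue  # skip lines that do not fit the assumed format
        ip, user_agent = entry.groups()
        version = ANDROID_RE.search(user_agent)
        if not version or int(version.group(1)) > max_major:
            continue  # not Android, or newer than the cut-off
        model = MODEL_RE.search(user_agent)
        found[ip].add((version.group(1) + version.group(2),
                       model.group(1) if model else "unknown"))
    # Duplicate requests from the same device collapse into one entry
    return {ip: sorted(devices) for ip, devices in found.items()}


if __name__ == "__main__":
    for ip, devices in legacy_android_clients(SAMPLE_LOG).items():
        for version, model in devices:
            print(f"{ip}\tAndroid {version}\t{model}")
```

User-Agent strings are supplied by the client and can be missing or altered, so the result is a starting list for follow-up rather than a complete inventory.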