fbpx

Android’s ‘PackageInstaller’ Vulnerability a Gateway to hack Devices

A security flaw was found in the Android‘s ‘PackageInstaller’ system service that provides path to the hacker to hijack the installation process of a third-party Android app, which seems pretty safe to user and replaces it with a Malware (infected app of his choosing).

The security flaw was reported to Android by the teamof security researchers (Ryan Olson, Huagang Xie, Claud Xiao, Colt Blackmore, and Taylor Ettema) from the Palo Alto network. Palo Alto previously worked with Google, Amazon and Samsung to report vulnerabilities and then issue their patches. The company discovered this vulnerability in January last year and reported it to Android security team, Amazon and Samsung.

This vulnerability is so severe that the users passwords and sensitive information are not safe. They can be hijacked through the infected app which was installed through the third-party. Around 49.5 percent Android users were infected by this app before it was patched by the Android (on its latest versions only).

The Google also released a statement today that ” The Android Security Team has not detected any attempts to exploit this vulnerability on user devices.” Google also added that the Android 4.3 and later versions are not vulnerable to this flaw. But the researchers from Palo Alto said the older version users are not safe from this Vulnerability. 
So, the Android users who have older version android devices should avoid installing apps from the third party. This vulnerability affects Android device users as well as Android app developers. For Android device users, the users may end up with installing apps that are not the ones they agree to install.
Android app developers are also affected, because app-store apps and
mobile ads libraries that do not rely on Google Play store would be
likely to save the promoted apps in unprotected storage, example ‘sdcard’.
Like the example we show with Amazon appstore app, the unprotected
storage in sdcard may allow attackers to replace the promoted apps with
malware apps.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Why Is Mobile App Hacking Growing In Popularity?

A cybersecurity blog post released by Varonis in March 2021 revealed the shocking truth:  Because of the Covid-19 pandemic, a huge increase in breached...

Protecting Your ID Online in 2021

With recent large hacks and increasing sophisticated schemes, we should also be protecting ourselves with even more sophisticated defensive strategies to protect our identities...

Taking a Look at the Privacy Features of Monero

Many large cryptocurrencies available today market themselves as bastions of business transparency by making their transaction data pseudonymously available on immutable, public databases. Because...

Best Tips on Cybersecurity for Students

Students, teachers, and educational institutions can all be targeted by hackers. In fact, 87% of schools have experienced one or more successful cyberattacks. There is...