What if someone deleted all the data on your smartphone?
If you have an Android phone, that may be more of a reality than just a rhetorical question.
In fact, recent research suggests there may be some serious vulnerabilities in the Android operating system. Tests of these vulnerabilities revealed phones with Android operating systems could be put into an endless loop of system crashes. Researchers speculate it could also culminate in all the data on your phone being erased.
According to researchers, attacks can be launched from seemingly innocent apps on the Google Play Store. It is not clear, however, whether any attacks of this kind are currently underway. Hackers could simply use a hidden file that is triggered after a certain amount of time or as soon as the smartphone is powered on. The file could cause a denial-of-service (DoS) attack, which would make the operating system permanently unavailable.
On Trend Micro’s Security Intelligence Blog, mobile threat analyst Veo Zhang explains:
“We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets. The device is stuck in an endless reboot loop, or a bootloop. This can render the device unusable, which some may consider “bricking” it.”
If this happens on your smartphone and these hidden files are launched, one of two scenarios can happen, based on the research conducted:
- You’ll be forced to constantly relaunch the same app. That app is likely corrupted, so the hidden file will open after a certain amount of time and force it to restart.
- The corrupted app you’ve launched will trigger a never-ending cycle of full system restarts. If this happens, the only recourse is to perform a factory reset of the device, Zhang explains. A lot of times, that means all data will be lost.
Devices running Android 2.3, 4.2.2, and 4.3 are known to be vulnerable to the attack, Ars Technica reports.
What’s worse, Bouncer, the cloud-based scanner Google uses to detect suspicious apps in the Google Play store, is also vulnerable to the attack. Researcher and hacker Ibrahim Balic reports on his blog that he was also able to create a denial of service on Google Play. He said he did this simply by uploading an app with the appropriate trigger file to the site.