Research: Malicious Apps Can Crash Android Phones, Cause Data Loss




What if someone deleted all the data on your smartphone?

If you have an Android phone, that may be more of a reality than just a rhetorical question.

In fact, recent research suggests there may be some serious vulnerabilities in the Android operating system. Tests of these vulnerabilities revealed phones with Android operating systems could be put into an endless loop of system crashes. Researchers speculate it could also culminate in all the data on your phone being erased.

According to researchers, attacks can be launched from seemingly innocent apps on the Google Play Store. It is not clear whether any current attacks of this kind are underway, however. Hackers could simply use a hidden file triggered after a certain amount of time or as soon as the smartphone is powered on. The file could cause a denial-of-service (DoS) attack, which would make the operating system permanently unavailable.

On Trend Micro’s Security Intelligence Blog, mobile threat analyst Veo Zhang explains:

“We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets. The device is stuck in an endless reboot loop, or a bootloop. This can render the device unusable, which some may consider “bricking” it.”

If this happens on your smartphone and these hidden files are launched, one of two scenarios can happen, based on the research conducted:

  • You’ll be forced to constantly relaunch the same app. And that app is likely corrupted so the hidden file will open after a certain amount of time and force it to restart.
  • The corrupted app you’ve launched will trigger a never-ending cycle of full system restarts. If this happens, the only recourse is to perform a factory reset of the device, Zhang explains. A lot of times, that means all data will be lost.

Devices running Android 2.3, 4.2.2, and 4.3 are known to be vulnerable to the attack, Ars Technica reports.

But what’s worse, Bouncer, the cloud-based scanner Google uses to detect suspicious apps in the Google Play store, is also vulnerable to the attack. Researcher and hacker Ibrahim Balic reports on his blog that he was also able to create a denial of service on Google Play. He said he did this simply by uploading an app with the appropriate trigger file to the site.


Joshua Sophy is the Editor for Small Business Trends and the Head of Content Partnerships. A journalist with 20 years of experience in traditional and online media, he is a member of the Society of Professional Journalists. He founded his own local newspaper, the Pottsville Free Press, covering his hometown.

5 Reactions
  1. Gosh. Not good. Not good at all.

    Isn’t there any way data can be backed up at certain intervals so that if stuff hits the fan, there’s at least that? Is there nowhere data can be uploaded – cloud storage of some sort? Can’t Google create that?

  2. Martin Lindeskog

    Another reason for picking a closed and secure platform, like iPhone? 😉

    • I’m kinda amazed a whole big company such as Google doesn’t have the know-how/technical sophistication to sort these vulnerabilities out. Or is it that they can’t be bothered? Do sales have to dip significantly for them to do something about it?

  3. Every type of phone has its downfalls; you just have to be careful about what you download.

    • Frank: I agree. I’m sure every phone has its cons. Nonetheless, it’s worrying that some Google products seem to have particular vulnerabilities, including Android.