Experts have discovered a security vulnerability in the 3 million Android smartphones. Firmware company Ragentek Group allows an attacker to gain complete control over the devices.
In mid-November of this year MacDigger wrote about a backdoor code in some models of Android-smartphone brand BLU Products, actively transmitting in encrypted form on a server in China the personal information of owners of mobile devices. A few days later the specialists Anubis Networks has found that the firmware production of the Chinese company Ragentek Group, established in more than 2.8 million Android-based smartphones contains a vulnerability that allows complete access to the devices.
Dangerous security gap affects smartphones production BLU Product, Infinix Mobility, DOOGEE, LEAGOO, IKU Mobile, Beeline and XOLO.
According to experts, the problem lies in incorrect implementation of OTA updates and the lack of encryption when connecting to remote servers. Thus, the attacker can perform an attack “man in the middle”, to remotely execute commands as root on the target device, and install malicious firmware.
In addition, experts Anubis Networks found in the components of the mechanism of OTA-update code that contains the list of the three domains. At the time of detection of vulnerability is only one of the domains were registered. As explained by the researchers, if an attacker registers other domains, you’ll be able to send malicious updates to about 3 million smartphones.
