A memory corruption bug is found in Android and it is possible to create a village app that erases all data

ByDick_Wu

Security researcherIbrahim BalicHas discovered a vulnerability that could crash memory on Google 's Android OS. after thatTrend MicroChecked the vulnerability discovered by Balic and it turned out that it is possible for a malicious hacker to create an application that allows the user to erase all data saved on the device.

Android Vulnerability affected Google Play Bouncer (Emulator) | Ibrahim BAL Ç Ç
http://ibrahimbalic.com/2014/android-vulnerability-affected-google-play-bouncer-emulator/

New Android Bug Causes Bricked Devices | Security Intelligence Blog | Trend Micro
http://blog.trendmicro.com/trendlabs-security-intelligence/new-android-bug-causes-bricked-devices/

Balic discovered that it is a vulnerability that could destroy memory and its operation has been confirmed with Android 2.3, 4.2.2, 4.3. This bug is the application code "Strings.xml"Indicating the name of the application"App_name"When it enters 387,000 characters or more characters, it will activate. Once the bug is activated, the terminal crashes, restarting is repeated infinitely, and even the memory may be damaged.


When Trend Micro surveyed the vulnerability discovered by Balic, the code "Activity"Labeling that entering a large amount of data in the label of" label "causes a bug is found. According to Veo Zhang of Trend Micro, "With the vulnerability discovered this time, hackers can create applications that deliberately hide the Activity with a large amount of data entered. For hackers, , It will be easy to command to open a hidden Activity at some point.The worst case is when malware is built in which a bug automatically occurs when the device starts up.The device is endless It continues rebooting and can be repaired by using a special tool, but all the data stored in the device will be erased ".

After discovering the bug, Balic then submitted the malware automatic scan function Google introduced in 2012BouncerTo work properly, create an application containing more than 387,000 characters in app_name of strings.xml and apply to Google Play. After a while, I received a lot of errors from Google Play to Balic and applied for the application to Google PlayDoS attackIt turned out to have been generating. Also, according to Balic, I also knew that while receiving errors from Google Play, many developers were complaining that "developers can not upload applications".


Balic reported a vulnerability to Google Security, but a bug that causes Dos attacks discovered by Balic in Google Play's Bouncer is currently not being repaired.