Researchers warn of privilege escalation attacks on Android devices

Zimperium VP of global solutions tells IT Brew that security teams should assess risks in apps on a continuous basis.

Francis Scialabba

Unlike judges on a cooking competition show, threat actors aren’t picky when it comes to the types of ingredients they use as part of their cyberattack schemes.

A recent report from mobile security firm Zimperium unveiled some of the ways attackers are performing privilege escalation, a class of attack in which a threat actor obtains permissions beyond those it was granted, in this case by way of seemingly legitimate apps.

Escalator. According to Zimperium researchers, some attackers are performing privilege escalations through original equipment manufacturer (OEM) permissions, the signature- and privileged-level permissions Android reserves for apps the device maker ships. OEM permissions can be abused when a malicious app pretends to be a system application, or when a legitimate app that already holds them is compromised and the attacker's code inherits its OEM permissions.

Zimperium noted that attackers may target pre-installed apps for privilege escalation attacks because they often have “elevated privileges.” Kern Smith, Zimperium VP of global solutions, told IT Brew that attackers may be attracted to attacks that rely on these apps because they can be performed at scale.

“If I know that if somebody buys this type of device, there is a set of applications that are always going to be installed on that device…I’m going to focus my investigation to find vulnerabilities on that subset of applications,” Smith said.

Smith gave IT Brew an example of a potential attack that could impact employees who use their phone for multi-factor authentication.

“If another app on your phone has say for example, a screen overlay permission…it could potentially overlay while you go into your authenticator app and get that second factor of authentication at that point,” he said.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Wake-up call. In its report, Zimperium said attackers are moving to a “mobile-first attack strategy.” Smith said that is because of the “relatively unprotected” nature of mobile devices.

Research published by Intel 471 on the same day found a surge in Android malware that bundles hidden virtual network computing (hidden VNC), keylogging, and remote control functionalities.

IT Brew previously reported on several emerging mobile device-focused threats, including a variant of an Android trojan that lets malicious actors reroute a person's calls to their financial institution to a fraudulent number, and pig butchering, a form of investment fraud in which scammers persuade their victims to make hefty investments on fake trading platforms.

Vet tech. Smith encourages security teams to look for vulnerabilities in apps not only when they are deployed, but also as they continue to undergo updates. He said apps on average receive at least five updates per year.

“Now all of a sudden, if you update the app, the app name may not change, the icon may not change, but there’s code that changes in the application,” Smith said. “So, what are you doing to ensure that the updated version of the app…doesn’t have a vulnerability or doesn’t have something within it that could expose your user data [or] your customer data?”
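Two of the checks described above, the overlay-permission risk to authenticator apps and the need to re-vet an app after each update, can be run from the output of `adb shell dumpsys package`. The script below is an added example written for this article, not code from Zimperium or IT Brew. The dumpsys excerpts are constructed and trimmed to the fields the parser reads, and the field names (`flags=[ SYSTEM ... ]`, `privateFlags=[ PRIVILEGED ... ]`, `versionCode=`) are an assumption about the output format that varies by Android version and should be confirmed against your own devices.

```python
"""Added example: two device-side checks from `adb shell dumpsys package`.

1. suspicious_grants: non-system apps holding the overlay permission or
   platform-level "OEM" permissions.
2. permission_drift: permissions an app newly requests after an update,
   even though its name and icon did not change.

Field names below are an assumption about dumpsys output; verify them.
"""
import re
from dataclasses import dataclass, field

# Lets one app draw over another, e.g. over an authenticator prompt.
OVERLAY_PERMS = {"android.permission.SYSTEM_ALERT_WINDOW"}
# Signature/privileged permissions normally reserved for OEM and platform apps.
PLATFORM_PERMS = {
    "android.permission.INSTALL_PACKAGES",
    "android.permission.READ_LOGS",
    "android.permission.WRITE_SECURE_SETTINGS",
}


@dataclass
class PackageInfo:
    name: str
    version_code: int = 0
    system: bool = False
    privileged: bool = False
    permissions: set = field(default_factory=set)


def parse_dumpsys(text):
    """Parse 'Package [...]' blocks of dumpsys output into PackageInfo objects."""
    packages, current = {}, None
    for line in text.splitlines():
        if (m := re.match(r"\s*Package \[([\w.]+)\]", line)):
            current = PackageInfo(name=m.group(1))
            packages[current.name] = current
        elif current is None:
            continue
        elif (m := re.match(r"\s*versionCode=(\d+)", line)):
            current.version_code = int(m.group(1))
        elif (m := re.match(r"\s*flags=\[(.*)\]", line)):
            current.system = "SYSTEM" in m.group(1).split()
        elif (m := re.match(r"\s*privateFlags=\[(.*)\]", line)):
            current.privileged = "PRIVILEGED" in m.group(1).split()
        elif (m := re.match(r"\s*(android\.permission\.[A-Z_]+)", line)):
            current.permissions.add(m.group(1))
    return packages


def suspicious_grants(packages):
    """(package, permission) pairs where a non-system app holds a risky permission."""
    risky = OVERLAY_PERMS | PLATFORM_PERMS
    return [
        (pkg.name, perm)
        for pkg in packages.values()
        if not (pkg.system or pkg.privileged)
        for perm in sorted(pkg.permissions & risky)
    ]


def permission_drift(baseline, current):
    """Permissions newly requested by packages whose versionCode went up."""
    drift = {}
    for name, new in current.items():
        old = baseline.get(name)
        if old and new.version_code > old.version_code:
            added = new.permissions - old.permissions
            if added:
                drift[name] = sorted(added)
    return drift


# Constructed snapshots (not real device output): a system app, a notes app,
# and a flashlight app that already holds the overlay permission.
BASELINE = """Packages:
  Package [com.android.settings] (1a2b3c):
    versionCode=34 minSdk=34 targetSdk=34
    flags=[ SYSTEM HAS_CODE ]
    privateFlags=[ PRIVILEGED ]
    install permissions:
      android.permission.WRITE_SECURE_SETTINGS: granted=true
  Package [com.example.notes] (4d5e6f):
    versionCode=12 minSdk=26 targetSdk=33
    flags=[ HAS_CODE ALLOW_BACKUP ]
    privateFlags=[ ]
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.flashlight] (7a8b9c):
    versionCode=3 minSdk=26 targetSdk=33
    flags=[ HAS_CODE ]
    privateFlags=[ ]
    install permissions:
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
"""
# After an update, the notes app (same name, same icon) now asks to overlay.
AFTER_UPDATE = BASELINE.replace("versionCode=12", "versionCode=13").replace(
    "      android.permission.INTERNET: granted=true",
    "      android.permission.INTERNET: granted=true\n"
    "      android.permission.SYSTEM_ALERT_WINDOW: granted=true",
)


def run_checks(before=BASELINE, after=AFTER_UPDATE):
    """Return (risky grants now, permissions added by updated apps)."""
    now = parse_dumpsys(after)
    return suspicious_grants(now), permission_drift(parse_dumpsys(before), now)


if __name__ == "__main__":
    grants, drift = run_checks()
    print("risky grants:", grants)
    print("added after update:", drift)
```

On a real device, capture `adb shell dumpsys package` before and after an update cycle and feed the two captures to `run_checks`; the drift report is the list of apps that deserve a second review even though nothing visible to the user changed.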
