Rooted Android phones vulnerable due to Android kernel patching flaws
6 days ago
- Rooting and jailbreaking frameworks pose serious security risks to enterprises by enabling malware infections and system takeovers.
- Zimperium's zLabs continuously monitors these tools to stay ahead of emerging vulnerabilities in the mobile threat landscape.
- Modern rooting tools like KernelSU, APatch, and SKRoot gain root access through Android kernel patching, intercepting kernel functions to run arbitrary code.
- Authentication weaknesses in these tools, such as password-based or package-based methods, can be exploited to gain unauthorized root access.
- A vulnerability in KernelSU v0.5.7 allowed attackers to impersonate the manager app by manipulating file descriptor ordering during signature verification.
- The exploit requires the attacker's app to run before the legitimate manager, achievable via the RECEIVE_BOOT_COMPLETED permission.
- Common vulnerabilities across rooting tools include weak authentication, excessive trust in user-space input, and insecure communication channels.
- Zimperium's Mobile Threat Defense (MTD) and Mobile Runtime Protection (zDefend) SDK detect and mitigate risks from rooting tools in real time.
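
An added example, not code from KernelSU or from the original article: a simplified C model of the descriptor-ordering weakness described above for KernelSU v0.5.7, next to a stricter check. It assumes the weak check trusts the first APK descriptor found in the caller's table; the struct, function names, and package paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one open descriptor in the calling process. */
struct fd_entry {
    int fd;
    const char *path;   /* file the descriptor refers to */
    int manager_signed; /* 1 if that APK carries the manager's signing cert */
};

/* Constructed sample tables; package paths are placeholders. */
static const struct fd_entry legit_fds[] = {
    {3, "/data/app/manager.example/base.apk", 1},
};
static const struct fd_entry other_fds[] = {
    {3, "/data/app/manager.example/base.apk", 1}, /* someone else's APK, opened first */
    {4, "/data/app/other.example/base.apk", 0},   /* the caller's own APK */
};

static int is_base_apk(const char *p) {
    size_t n = strlen(p);
    return strncmp(p, "/data/app/", 10) == 0 && n >= 9 &&
           strcmp(p + n - 9, "/base.apk") == 0;
}

/* Assumed weak check: verify whichever APK descriptor comes first. */
int weak_is_manager(const struct fd_entry *t, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (is_base_apk(t[i].path))
            return t[i].manager_signed;
    return 0;
}

/* Hardened: verify only the APK the system installed for the caller.
 * caller_apk is assumed to come from trusted package data keyed by UID. */
int strict_is_manager(const struct fd_entry *t, size_t n, const char *caller_apk) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(t[i].path, caller_apk) == 0)
            return t[i].manager_signed;
    return 0;
}

int main(void) {
    const char *own = "/data/app/other.example/base.apk";
    printf("legit weak=%d | other weak=%d strict=%d\n",
           weak_is_manager(legit_fds, 1), weak_is_manager(other_fds, 2),
           strict_is_manager(other_fds, 2, own));
    return 0;
}
```

The weak check accepts the second table because the decision depends on descriptor order, which the calling process controls; the strict check ties the decision to the caller's own installed package.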