First exploit for April's GingerBreak root crack found Researchers have publicised probably the most dangerous Android malware examples yet discovered, a Trojan that exploits the GingerBreak root hack (CVE-2011-1823) in Android 2.3 that gained wide publicity after its discovery in April.According to a team at North Carolina State University, which analysed the malware in conjunction with Chinese mobile security firm NetQin, ‘GingerMaster’ bears many of the hallmarks of the growing family of Android Trojans that currently circulate on third-party sites in China but with some interesting and dangerous new innovations.Packaged as part of what appears to be a legitimate app showing pictures of women, GingerMaster uploads as much user and device information as it can to a remote server, including smartphone IMEI and telephone number. At this point the server will silently download malware exploiting the GingerBreak root hack which once installed will have complete control over the smartphone. Because this is a root hack, the malware is able to bypass the Android system that controls app permissions, which brings home the seriousness of this type of fundamental attack. With such low-level access, Android security programs will be powerless to stop it and getting rid of it will for most users require a complete device wipe and factory reset. Vulnerable versions of Android are 2.3.3 (Gingerbread) with anecdotal evidence that 2.2 (Froyo) can also be rooted by the Trojan. Google patched the vulnerability being attacked soon after its discovery in April but it is unlikely that many users will have received an update; networks seem reluctant to issue patches unless absolutely necessary because of the support workload involved.The easiest way to avoid this malware for now is simply never to use third-party download sites and stick to Google’s own Market. It is dicey issues such as this which probably partly explain why Google felt it necessary to build its own hardware wing by buying Motorola’s mobile division last week. This will give it some control over the way software versions are distributed to users, not to mention how frequently and effectively they are patched as new exploits arise. Related content feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Compliance Compliance Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain news New CISO appointments 2023 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Dec 08, 2023 28 mins CSO and CISO Careers Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe