More than 6% of Android devices worldwide (as known so far) have been affected by malicious code through apps vulnerable to BadKernel. The infection exploits the BadKernel vulnerability in Google’s V8 JavaScript engine. The affected Android devices were running versions between 3.20 and 4.2 of the Google V8 JavaScript engine. Devices with later versions are not at risk, as the bug has been fixed. The latest V8 engine version is 5.1.
The remote code execution (RCE) flaw was discovered as early as 2015; however, the extent of the affected devices became known only in August 2016, and even that figure cannot be considered complete worldwide. All devices running the older Google V8 JavaScript engines were affected. This covers numerous models from Samsung, Huawei, Motorola and LG. More than 41% of Samsung models were affected. By country, Peru was found to be the most affected (20%), followed by France, Nigeria, Bangladesh and Thailand.
Where the BadKernel vulnerability exploit takes place
Mobile browsers such as Chrome and Opera contain Google’s V8 JavaScript engine. Mobile developers use the Android WebView component to display web content inside their apps. Common apps such as Gmail, Facebook and Twitter also use the WebView component.
The Tencent X5.SDK and some other SDKs also deploy V8 engines, so apps that contain those SDKs are possibly affected as well. These SDKs are used in many Chinese apps such as Sina News, Jingdong and QQ Space. Browsers, apps and SDKs are all at risk.
Mobile app developers need to analyze whether their apps are at risk. In their analysis, cyber-security specialists found that, through BadKernel-vulnerable apps with an embedded V8 JavaScript engine, they were able to execute malicious code on Android devices. This enabled them to steal data from the device and also to take full control of it. They were able to control the camera, SMS messaging and other activities. Cybercriminals could exploit the BadKernel flaw by loading malicious web page content, which was not a difficult task, and then deploying BadKernel exploits.
Security software (an antivirus for Android devices) that is capable of detecting the malicious code displays the warning message “Your Browser is Affected! Chrome xx.x.xxxx.xxx. Java engine of your browser is affected by BadKernel vulnerability. Do not open suspicious links” when it detects the infection.
Applications with a V8 engine earlier than version 5.1 are potentially vulnerable to BadKernel, so application developers must upgrade the V8 engine to the latest version to prevent exploitation of the vulnerability. Further, browsers must be kept updated, and mobile devices must be secured with an antivirus for Android devices.
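As an added example (not code from any vendor or from the researchers mentioned above), the following script triages an inventory of embedded V8 versions against the ranges this article states. The inventory names and version strings are constructed, and comparing only major.minor as integers is an assumption; integer comparison matters because 3.9 is older than 3.20, which a decimal comparison gets wrong.

```python
import re

# Thresholds as stated in this article (not taken from a vendor advisory).
AFFECTED_MIN = (3, 20)  # "versions between 3.20 and 4.2"
AFFECTED_MAX = (4, 2)
FIXED_FROM = (5, 1)     # article: upgrade to 5.1 or later


def parse_v8(version):
    """Return (major, minor) as integers from '4.2.77.21', '3.20', etc."""
    match = re.match(r"\s*(\d+)\.(\d+)", version)
    if not match:
        raise ValueError("unrecognised V8 version: %r" % version)
    return int(match.group(1)), int(match.group(2))


def classify(version):
    """'affected' = in the article's range, 'upgrade' = older than 5.1, else 'ok'."""
    v = parse_v8(version)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v < FIXED_FROM:
        return "upgrade"
    return "ok"


def triage(inventory):
    """Map each component to a status; unparseable versions are flagged for manual review."""
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = classify(version)
        except ValueError:
            result[name] = "unknown"
    return result


# Constructed sample inventory: component name -> V8 version string.
SAMPLE = {
    "news-app (bundled SDK)": "3.29.88",
    "legacy-browser": "3.9.24",
    "shop-app WebView": "4.2.77",
    "chat-app WebView": "4.9.385",
    "updated-browser": "5.1.281",
    "unlabelled-sdk": "n/a",
}

if __name__ == "__main__":
    for component, status in triage(SAMPLE).items():
        print("%-24s %s" % (component, status))
```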
The worldwide impact of the BadKernel vulnerability will become known in the near future; in the meantime, stay protected with an antivirus for Android.