A two-year-old security flaw could give hijackers root access to your Android phone

Google Marshmallow
Google warns that hijackers could get root access to your Android phone from an application using a security flaw that was first discovered two years ago.


The flaw is part of the Linux Kernel, which is what Android is built on. It was actually fixed in April 2014, but it wasn’t flagged as a vulnerability at the time. Later in February 2015, the security implications were discovered, and it subsequently received the CVE-2015-1805 identifier. Even so, it wasn’t an issue for Android devices since it wasn’t ported to the Android software.

However, last month the CoRE Team found that this vulnerability could be exploited by hackers to achieve root on Android devices. A hacker with root access to your device would acquire superuser access, which is more control than even you or other third-party apps have. They would be able to access and modify all system files.

CoRE notified Google of the exploit and the company started working on a patch that would be included in a future security update. Unfortunately Google couldn’t work fast enough, as Zimperium, the security team who uncovered the Stagefright hack, told Google the exploit was already in use on a Nexus 5 phone.

This was done through an application in the Play Store that has already been blocked. Google actively blocks apps that attempt to achieve root access, but it’s unclear how long the app was in the wild. Google said in a security advisory, “Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges.”

Google classified this issue with a Critical severity rating, but the application in question wasn’t considered malicious. However, the Critical severity rating means that other hackers could use the same exploit to spread malware.

A patch is on the way

Google already published patches for the flaw in the Android Open Source Project (AOSP) for the 3.4, 3.10 and 3.14 versions of the Android kernel. Version 3.18 and above aren’t vulnerable.

These patches will be included in the April security update for Nexus devices. That’s the good news. The bad news is that Nexus devices only represent a handful of Android devices. It’s up to the manufacturers to issue patches for all the other Android devices around the world.

How to protect yourself

We know that exploits such as these can be scary, but you’re unlikely to fall victim to it if you make sure to download apps only from Google Play since Google will block any apps that use the exploit.

If you must install an app from a third party, make sure Verify Apps is turned on. To do this, open Settings, and find Google. Tap on it, followed by Security. Scroll down to the Verify Apps section and make sure that Scan device for security threats is turned on. Now any third-party apps that you install will be scanned for threats. Verify Apps is a good thing to turn on because it will protect you from all other exploits, not just this one.

If you want to find out if your device has received the patch, head into Settings, and tap on About Phone. Find the heading for the Android security patch level. If it’s April 1, 2016 or newer, you’re all set. If not, you can always contact the manufacturer of your phone and find out when the update will take place.

Product Review

It's so fast it has a clip-on fan. But the Asus ROG phone isn't just for gamers

Is a gaming smartphone only something a mobile gamer should consider buying? In the case of the Asus ROG Phone, the good news is the device is so capable, and a genuinely impressive all-rounder, that everyone should take a closer look…

Cloudflare’s privacy-enhancing DNS service comes to iOS and Android

Cloudflare's DNS resolver service has been ported to mobile devices, and now anyone with an Android or iOS device can download it for free to take advantage of its speed and privacy-boosting features.

Keep on clicking with the 10 best browsers for Android

Browsing the web on an Android device should not be a pain. Check out our picks for the best browsers for Android, so you can surf the web with greater ease and access a trove of unique features.
Home Theater

Want to mirror your smartphone or tablet onto your TV? Here's how

A vast arsenal of devices exists to allow sending anything on your mobile device to your TV. Our in-depth guide shows you how to mirror content from your smartphone or tablet to the big screen from virtually any device available.

Samsung Galaxy S9, S9 Plus, Note 9 set to receive Android 9.0 Pie in January

Android 9.0 Pie has been released. But is your phone getting Android 9.0 Pie, and if so, when? We've done the hard work and asked every device manufacturer to see when their devices would be getting the update.

Apple to boost its Amazon presence with listings for iPhones, iPads, and more

Apple is about to start offering more of its kit on Amazon. The tech giant currently only has very limited listings on the shopping site, but the deal will see the arrival of the latest iPhones, iPads, MacBooks, and more.

Google’s Gboard now uses A.I. to recommend GIFs based on your conversation

Google is bringing a new feature to Gboard that should make it better for those that regularly use GIFs and stickers. The feature essentially uses A.I. to recommend GIFs and stickers based on your conversation.

Get your gaming on the go with this list of the 25 best Android games

The Google Play Store is loaded with both terrific and terrible gaming titles. We vetted the store to bring you some of the best Android games available, whether you're into puzzles, shooters, racing games, or something else.

The LG V30+ gets a huge price cut on Amazon, today only

Though Amazon early Black Friday deals began at the start of November, the discounts are only just now starting to get good. Today only, Amazon is offering a whopping 40 percent off the unlocked LG V30+.

These 100 best iPhone apps will turn your phone into a jack-of-all-trades

The iPhone is the most popular smartphone in the world, and we want to bring out the best in yours. Behold our comprehensive list of the best iPhone apps, from time-saving productivity tools to fun apps you won’t be able to put down.

Our favorite Windows apps will help you get the most out of your new PC

Not sure what apps you should be downloading for your newfangled Windows device? Here are the best Windows apps, whether you need something to speed up your machine or access your Netflix queue. Check out our categories and favorite picks.
Social Media

Twitter boss hints that an edit button for tweets may finally be on its way

Twitter has been talking for years about launching an edit button for tweets, but it still hasn't landed. This week, company boss Jack Dorsey addressed the matter again, describing a quick-edit button as "achievable."

Lyft’s new rewards program promises ride discounts and comfier cars

If you're always hopping in and out of a Lyft car, then you'll be pleased to hear that the ridesharing service is about to launch a rewards program. Perks include discounts on future trips and upgrades to comfier cars.

The world’s first smartglasses showrooms open in Brooklyn and Toronto

Canadian startup North is hoping smartglasses will be the next big wearable. After announcing its new Focals smartglasses in October, the company opened product showrooms in Brooklyn and Toronto.