
Attacker slips malware past Ubuntu Phone checks

Splash screen bug squashed

Canonical has issued a security advisory to all fifteen people who installed a particular Ubuntu Phone app.

While its reach might be trivial, the bug itself was serious: someone worked out how to bypass checks that are supposed to protect the Ubuntu Phone operating system's single-click app installation process.

As the company's Ubuntu client director of software engineering Olli Ries writes, the bug was exploited in an app called test.mmrow in the phone OS software store.

The malicious app created a script that modified the boot splash screen and gave the attacker root access to the phone, he explains.

It generated an “unconfined security policy” on the target device, Ries writes, and was “then able to create a shell script that has the ability to elevate its privileges to the root user and extract a tar file that contains images that are flashed when the phone is rebooted into recovery mode”.

That the app got into the Ubuntu phone store reveals two problems, Ries continues: one in the system's click review tools, the other that the app got past the store's automated review tools.

“The offending app was constructed in a way that made it look like it used a standard confinement template, but it specified an unconfined template in the alternate directory”, he explains, and that got it past the code review tools.

The Ubuntu Phone click review tools are also being updated to close the holes the app exploited.
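One way a review check can catch the pattern Ries describes, written as an added example that is not code from Canonical or from the original article: it inspects every policy manifest found in an unpacked package, not only the one the package declares. The package layout, file names, the `declared` parameter and the function names are assumptions made for illustration, and the sample package is constructed.

```python
import json
import tempfile
from pathlib import Path

def policy_manifests(root):
    """Yield (relative path, parsed JSON) for every file that looks like a policy manifest."""
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (ValueError, OSError):  # not JSON, not text, or unreadable
            continue
        if isinstance(data, dict) and ("template" in data or "policy_groups" in data):
            yield path.relative_to(root).as_posix(), data

def review(root, declared):
    """Return (path, reason) findings for an unpacked package.

    declared is the manifest path the package says it uses (assumed input).
    """
    findings = []
    for rel, data in policy_manifests(root):
        if data.get("template") == "unconfined":
            findings.append((rel, "unconfined template"))
        if rel != declared:
            findings.append((rel, "policy manifest outside the declared path"))
    return findings

def demo():
    """Build a constructed sample package and review it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Declared manifest: looks like standard confinement.
        (root / "app.apparmor").write_text(
            json.dumps({"policy_groups": ["networking"], "policy_version": 1.3}))
        # Second manifest in another directory requesting no confinement.
        (root / "alt").mkdir()
        (root / "alt" / "app.apparmor").write_text(
            json.dumps({"template": "unconfined", "policy_groups": [], "policy_version": 1.3}))
        return review(root, "app.apparmor")

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

A package whose only manifest is the declared one and which does not request the unconfined template produces no findings.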

Szymon Waliczek captured the vulnerability in action

Ries emphasised that the bug only affected the phone operating system. The company will push out a bug fix and says it's contacted all 15 users who downloaded test.mmrow (two of whom were Ubuntu staffers). ®
