
Imagine a leisurely afternoon: you are sitting in a coffee shop and want to look up the latest movie information for tonight’s date. So you connect to the public Wi-Fi called “Starbucks” and open the Bing app.

Sounds natural? What you can’t imagine is that, at the moment you open the Bing app (com.microsoft.bing) on an untrusted Wi-Fi network, your phone or tablet could be completely compromised. By exploiting a remote code execution vulnerability in the Bing Android app (4.2.0 and lower), an attacker could download and install any malware app on your phone, turn your phone into a tapping device, or make unauthorized phone calls.


Here is a proof-of-concept video: an attacker could install an arbitrary APK from the Internet onto your phone. You did not do anything wrong; the only thing you did was install and open Microsoft Bing.

Trustlook reported the vulnerability to Microsoft Security 10 days ago and has been working closely with Microsoft to get it fixed. The Bing team has fixed this vulnerability in version 4.2.1, which was released on Jan 21, 2013.

BTW, Microsoft is not the only vendor affected by this vulnerability. We have found hundreds of vulnerable apps on the Play Store. The total number of affected users could reach a billion (http://blog.trustlook.com/2014/01/09/2-years-old-android-vulnerability-still-affecting-billion-users/). We are still working with more vendors to fix this problem.


To check whether your Bing app is affected by this high-risk vulnerability, you can download our Trustlook Antivirus application to scan your device. If you want to learn more, please contact us directly at support@trustlook.com.
