Massive Android flaw leaves 99% of devices vulnerable
Discovery by security firm Bluebox offers a 'master key' to hackers
Security researchers have discovered a dangerous flaw in Google’s Android operating system that allows hackers to take full control of smartphones running the OS. The team behind the discovery – Bluebox Security – claim that “99% of devices” are vulnerable.
In a post on the company's website detailing the research, Bluebox CTO Jeff Forristal says that the mistake has been present since the release of Android 1.6 in September 2009, potentially affecting nearly 900 million devices.
The vulnerability stems from “discrepancies” in how Android verifies and installs third-party software (whether that is built by developers or by manufacturers). The cryptographic verification meant to guarantee that apps have not been tampered with or modified has been found to be deficient.
“[A malicious application] not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone,” said Forristal.
“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.”
Even so, it is some comfort that the loophole was discovered through independent research rather than during the investigation of any particular malware, which means that malicious exploitation of the flaw is so far only hypothetical.
Bluebox notified Google of the flaw in February 2013 but did not detail how the company had responded to the threat. “It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates),” said Forristal.
Google have so far declined to comment.