Massive Android flaw leaves 99% of devices vulnerable
Discovery by security firm Bluebox offers a 'master key' to hackers
Security researchers have discovered a dangerous flaw in Google’s Android operating system that allows hackers to take full control of smartphones running the OS. The team behind the discovery – Bluebox Security – claim that “99% of devices” are vulnerable.
In a post on their website detailing their research, Bluebox CTO Jeff Forristal says that the mistake has been present since the release of Android 1.6 in September 2009, potentially affecting nearly 900 million devices.
The vulnerability stems from “discrepancies” in how Android verifies and installs third-party software (whether that is built by developers or by manufacturers). The cryptography guaranteeing that the apps have not been tampered with or modified has been found to be deficient.
“[A malicious application] not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone,” said Forristal.
“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these ‘zombie’ mobile devices to create a botnet.”
Despite this, it is some comfort that the loophole was discovered through independent research rather than during an investigation of any particular malware, meaning that malicious exploitation of the flaw is so far only hypothetical.
Bluebox notified Google of the flaw in February 2013 but did not detail how the company had responded to the threat. “It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates),” said Forristal.
Google have so far declined to comment.