Massive Android flaw leaves 99% of devices vulnerable
Discovery by security firm Bluebox offers a 'master key' to hackers
Security researchers have discovered a dangerous flaw in Google’s Android operating system that allows hackers to take full control of smartphones running the OS. The team behind the discovery – Bluebox Security – claim that “99% of devices” are vulnerable.
In a post on the company's website detailing the research, Bluebox CTO Jeff Forristal says that the mistake has been present since the release of Android 1.6 in September 2009, potentially affecting nearly 900 million devices.
The vulnerability lies in “discrepancies” in how Android verifies and installs third-party software (whether that is built by developers or by manufacturers). The cryptography guaranteeing that the apps have not been tampered with or modified has been found to be deficient.
“[A malicious application] not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone,” said Forristal.
“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.”
Despite this, it is comforting that the loophole was discovered through independent research rather than an investigation of any particular malware, meaning that malicious exploitation of the flaw is so far only hypothetical.
Bluebox notified Google of the flaw in February 2013 but did not detail how the company had responded to the threat. “It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates),” said Forristal.
Google have so far declined to comment.