Massive Android flaw leaves 99% of devices vulnerable
Discovery by security firm Bluebox offers a 'master key' to hackers
Thursday 04 July 2013
Security researchers have discovered a dangerous flaw in Google’s Android operating system that allows hackers to take full control of smartphones running the OS. The team behind the discovery – Bluebox Security – claim that “99% of devices” are vulnerable.
In a post on the company's website detailing the research, Bluebox CTO Jeff Forristal says that the mistake has been present since the release of Android 1.6 in September 2009, potentially affecting nearly 900 million devices.
The vulnerability lies in “discrepancies” in how Android verifies and installs third-party software (whether that is built by developers or by manufacturers). The cryptography guaranteeing that the apps have not been tampered with or modified has been found to be deficient.
“[A malicious application] not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone,” said Forristal.
“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.”
Despite this, the fact that the loophole was discovered through independent research, and not through an investigation of any particular malware, is comforting: it means that malicious exploitation of the flaw is so far only hypothetical.
Bluebox notified Google of the flaw in February 2013 but did not detail how the company had responded to the threat. “It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates),” said Forristal.
Google have so far declined to comment.