Massive Android flaw leaves 99% of devices vulnerable

Discovery by security firm Bluebox offers a 'master key' to hackers

Security researchers have discovered a dangerous flaw in Google’s Android operating system that allows hackers to take full control of smartphones running the OS. The team behind the discovery – Bluebox Security – claim that “99% of devices” are vulnerable.

In a post on the company's website detailing the research, Bluebox CTO Jeff Forristal says that the mistake has been present since the release of Android 1.6 in September 2009, potentially affecting nearly 900 million devices.

The vulnerability lies in “discrepancies” in how Android verifies and installs third-party software (whether built by developers or by manufacturers). The cryptography that is meant to guarantee that apps have not been tampered with or modified has been found to be deficient.

“[A malicious application] not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone,” said Forristal.

“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these ‘zombie’ mobile devices to create a botnet.”

Despite this, it is comforting that the loophole was discovered through independent research rather than during an investigation of any particular malware, meaning that malicious exploitation of the flaw is so far only hypothetical.

Bluebox notified Google of the flaw in February 2013 but did not detail how the company had responded to the threat. “It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates),” said Forristal.

Google have so far declined to comment.
