Massive Android flaw leaves 99% of devices vulnerable
Discovery by security firm Bluebox offers a 'master key' to hackers
Security researchers have discovered a dangerous flaw in Google’s Android operating system that allows hackers to take full control of smartphones running the OS. The team behind the discovery – Bluebox Security – claim that “99% of devices” are vulnerable.
In a post on the company's website detailing the research, Bluebox CTO Jeff Forristal says that the flaw has been present since the release of Android 1.6 in September 2009, potentially affecting nearly 900 million devices.
The vulnerability lies in “discrepancies” in how Android verifies and installs third-party software (whether that is built by developers or by manufacturers). The cryptographic verification meant to guarantee that apps have not been tampered with or modified has been found to be deficient.
“[A malicious application] not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone,” said Forristal.
“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.”
Despite this, it is comforting that the loophole was discovered through independent research rather than during an investigation of any particular malware, meaning that malicious exploitation of the flaw is so far only hypothetical.
Bluebox notified Google of the flaw in February 2013 but did not detail how the company had responded to the threat. “It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates),” said Forristal.
Google have so far declined to comment.