Massive Android flaw leaves 99% of devices vulnerable

Discovery by security firm Bluebox offers a 'master key' to hackers

Security researchers have discovered a dangerous flaw in Google’s Android operating system that allows hackers to take full control of smartphones running the OS. The team behind the discovery – Bluebox Security – claim that “99% of devices” are vulnerable.

In a post on their website detailing their research, Bluebox CTO Jeff Forristal says that the mistake has been present since the release of Android 1.6 in September 2009, potentially affecting nearly 900 million devices.

The vulnerability stems from “discrepancies” in how Android verifies and installs third-party software (whether that is built by developers or by manufacturers). The cryptographic verification meant to guarantee that apps have not been tampered with or modified has been found to be deficient.

“[A malicious application] not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone,” said Forristal.

“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these ‘zombie’ mobile devices to create a botnet.”

Despite this, it is comforting that the loophole was discovered through independent research and not through an investigation of any particular malware, meaning that malicious exploitation of the flaw is so far only hypothetical.

Bluebox notified Google of the flaw in February 2013 but did not detail how the company had responded to the threat. “It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates),” said Forristal.

Google have so far declined to comment.
