Massive Android flaw leaves 99% of devices vulnerable
Discovery by security firm Bluebox offers a 'master key' to hackers
Thursday 04 July 2013
Security researchers have discovered a dangerous flaw in Google’s Android operating system that allows hackers to take full control of smartphones running the OS. The team behind the discovery – Bluebox Security – claim that “99% of devices” are vulnerable.
In a post on their website detailing their research, Bluebox CTO Jeff Forristal says that the mistake has been present since the release of Android 1.6 in September 2009, potentially affecting nearly 900 million devices.
The vulnerability lies in “discrepancies” in how Android verifies and installs third-party software (whether built by developers or by manufacturers). The cryptographic verification meant to guarantee that apps have not been tampered with or modified has been found to be deficient.
“[A malicious application] not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone,” said Forristal.
“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.”
Despite this, it is some comfort that the loophole was discovered through independent research rather than through the investigation of any particular malware, meaning that malicious exploitation of the flaw is so far only hypothetical.
Bluebox notified Google of the flaw in February 2013 but did not detail how the company had responded to the threat. “It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates),” said Forristal.
Google have so far declined to comment.