Remember meForgot password?
    Log in with Twitter

article imageHoles in Android OS create playground for hackers

By Simon Crompton     Mar 26, 2014 in Technology
Security researchers have discovered that Android, Google's mobile operating system (OS) contains a security flaw which hackers could exploit to brick tablets and smartphones that use it.
Independent researcher Ibrahim Balic found the security hole. In a blog post he made earlier this month, he revealed his discovery of the Android bricking exploit. Trend Micro, a Taiwanese security company, was able to validate Balic's findings. They confirmed that the bug is real and that the potential for the flaw to be exploited exists.
Veo Zhang, a Trend Micro mobile threat analyst made a blog post about the bug wherein he stated, "We believe that this vulnerability may be used by cyber criminals to do some substantial damage on Android smartphones and tablets, which include bricking a device, or rendering it unusable in any way,"
He further wrote that, in the context of the exploit, the device becomes bricked by being trapped in an endless cycle of reboots. A problem the developers at cabot solutions are all too familiar with.
The vulnerability, according to Trend Micro, means that hackers could construct a Trojanised application that would target any device running Android OS versions 4.0 and above. If the most recent figures at Android's Developer forum can be trusted, the bug could affect as many as 80 percent of all smartphones and tablets actively running on the Google Android operating system.
David Sancho is Trend Micro's senior threat researcher. He said that the company has not yet seen any evidence of active exploitation of the flaw by hackers, but that Balic's early exposure of the problem could motivate hackers to start using it.
"Trend Micro has not seen evidence of exploitation at this moment,” Sancho said. He added that, “as with every new vulnerability, this is no guarantee about the future. In fact, describing a new vulnerability might cause new attempts of exploitation."
Earlier in March, Bas Bosschert, CTO and security researcher with a startup called Doublethink, discovered another flaw in the Android operating system which he claimed would allow cyber criminals the opportunity to steal the conversations of users texting via the Whatsapp mobile messaging application.
Bosschert provided a detailed description of the flaw via blog post wherein he demonstrated precisely how the flaw allowed direct access to Whatsapp chats. Even after Google made updates to the Whatsapp application the previous week, the vulnerability was not fixed, according to Bosschert.
Android Smartphones | FindTheBest
He went on to say that the method of storing the Whatsapp database — on the user's SD card — is what makes that particular exploit possible. The SD card is capable of being read by any Android-driven mobile application if the user gives the app permission to access it. For hackers, this is a very easy thing to exploit.
Bosschert stated that the issue exists within the infrastructure of the Android OS. The specific problem rests in the operating system's data sandboxing system. He emphasized that it is not a security flaw with Whatsapp.
If upcoming versions of the Android OS do not address this issue, it is clear that millions of devices of all description could find themselves vulnerable to a host of cyber attacks, and with so many ways to exploit known problems, Android's developers will be hard pressed in the months to come to find ways to close these gaps.
More about Android, Hackers, Smartphones, Security
Latest News
Top News