Security company Bluebox has found a potentially major flaw in the Android operating system that affects 99% of all Androids users. Although the company has deemed the risk theoretical at this point, it is still unnerving for Android users given the amount of personal information we now move through out mobile devices. According to Zdnet.com:
“Researchers from Bluebox Security claim to have discovered a vulnerability in Android’s security model that could allow attackers to convert 99 percent of all applications into a trojan.
According to Bluebox Security CTO Jeff Forristal, who made a very high-level post on the company’s blog on how the vulnerability works, applications could be modified to do things like steal data or connect to a botnet and go completely unnoticed by the app store, phone, and end user…This vulnerability, around at least since the release of Android 1.6, could affect any Android phone released in the last four years — or nearly 900 million devices.”
Wow! That’s potentially a billion devices at risk. While this is theoretical, if executed the effects could be far-reaching throughout the Android experience as reported by computerworld.com:
“Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.
The vulnerability can also be exploited to gain full system access if the attacker modifies and distributes an app originally developed by the device manufacturer that’s signed with the platform key — the key that manufacturers use to sign the device firmware.”
Now before you throw your Android device into the trash, as we said this is only theoretical, and there’s been no reported incidents related to the flaw.
As stated by techcrunch.com:
” While 99% of Android phones being technically vulnerable to app hackers is a tough stat to ignore, it’s worth emphasizing that just because such a flaw (apparently) exists it doesn’t mean it has or will be widely exploited — especially as, in this instance, it has been flagged to Google prior to being made public. And Google is presumably hard at work on a fix.”
The problem though is that one of Android’s biggest strengths becomes its biggest weakness in this scenario. Most people love Android because it is open format and you are free to customize as you wish and third party applications are easier to get. As a result of this, however, Android users are more likely to be affected by malware because this scenario can only be executed from said 3rd party apps, not from the Google Play store. So this isn’t currently a problem, but be sure to update you Google OS, and keep away from 3rd party apps.
