In a worrying discovery for Android users, a flaw in the operating system could leave every Android device, including phones and tablets, open to malware.
Quite possibly the first rule of safety when owning a gadget, phone or other tech device is ‘don’t download anything you don’t trust’. Stick to that and, usually, your gadget will stay protected from the threat of viruses and hacks that could access your data and take the device out of your control. Worryingly, avoiding ‘dodgy’ software may not be enough to save the devices of Android users, as a massive software flaw could leave them open to virtually unstoppable tampering.
Discovered by Jeff Forristal, CTO at Bluebox Security, the problem is a loophole in Android’s APK code that allows malware to be launched or unwittingly downloaded onto the device, with the device treating it as authentic, cryptographically verified software when it is in fact dangerous and compromises the device’s safety.
This problem is rumoured to affect around 99% of all Android-powered gadgets, phones and tablets alike, as the issue dates all the way back to the Android 1.6 Donut OS, which was launched four years ago.
The damage that downloaded malware could do once loaded onto the device could have disastrous consequences, as Forristal explains: “Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed”. He continued to say that “The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls)”.
Forristal went on to explain that, in the same way hacked computers can, the hacked Android devices, which he described as “’zombie’ mobile devices”, could function like a botnet, being awoken to share malicious data or work together for the hacker’s own uses, which could be catastrophic.
More worrying still, this critical issue was reported to Google by Forristal back in February 2013 and, from what we can gather, Google have done very little to fix it.
If Google do issue a fix, or release a statement on the bug, we’ll keep you posted.
Source: gamesindustry international