Friday, July 5, 2013

Massive Android Flaw Lets Hackers Hijack 99% of Android Devices

In the last few years Android has certainly upped its game to bring it into line with the iOS user experience. However, one area in which it cannot compete is security. It’s well known that the iOS firmware is one of the most secure in the world whereas Android, partly because it is open source, is full of holes that make security breaches easy. Indeed, last year alone the mobile platform was the recipient of 96% of all mobile malware attacks.
Now, another breach has been discovered, one that potentially allows your Android device to be taken over and controlled by someone who has less than honest intentions. The vulnerability makes use of the way in which Android apps are signed for authenticity purposes – the signing stops users from downloading and installing apps that have been modified by someone other than the developer. Bluebox, a security firm, has found that this security breach has been in existence since Android 1.6. That’s getting on for 4 years old now and, at that time, there wasn’t any need for verification signatures. What is really worrying, though, is the fact that 99% of all Android devices currently on the market are open to this breach.
Should this breach be used, malicious apps would be treated as legitimate ones, meaning that anyone downloading them without realizing could be in some serious trouble. What’s even worse, if apps that have been modified by these hackers are released as stock apps, they could be nigh on impossible to get rid of. Many native apps cannot be installed or moved and can make whatever changes they like without a license, so if similar malicious apps are being downloaded there is no telling what the consequences might be.
According to Bluebox, this is because these apps are able to access your emails and SMS messages and, if they can be found, things like your bank details. On top of this, there’s also the issue of an invasion of your privacy. However, even that is not the worst it can get. With a bit of time and effort, an individual could build a silent botnet – for those that don’t know, this is a network of computers or programs connected via the internet and infected with malicious software. The consequences of that scenario do not bear thinking about.
The safest way to steer clear of this type of breach is to stay away from third-party apps and only use the Google Play Store to download from. In the meantime we can only hope that Google is taking the matter seriously enough to do something about it.
