As the attack on Android phones are increasing day by day, We have a new Android security flaw that could potentially be just as troublesome. So friends think again before buying an android phone 😉
Researchers from North Carolina State University have discovered that a potential weakness in Google’s Android smartphone operating system could open the door for the recording of calls, the monitoring of the phone’s location and the sending of unauthorized SMS messages.
Smart phones from HTC, Motorola, Google and Samsung all posses a security hole which allows untrusted apps to gain accesses to aspects of a smartphone which should be locked out.
When a user downloads an app from the Android Market they are given a list of permissions that the app needs in order to function. If they see a permission that they do not want to grant, they then have the option of cancelling that installation and that is the end of that.
The new research claims that it is possible to bypass the checks, allowing apps access to certain things even though they have not been given express permission by the user. :O
The key to this appears to be the various skins and overlays manufacturers add to the stock Android experience in order to help them differentiate themselves from the competition, according to the researchers.
The code making the circumvention possible is contained in interfaces and services the device manufactures add to enhance the stock firmware supplied by Google.
In order to show what is possible, the team created a sample Android app which was then allowed to record voice, send an unauthorized SMS message and even restart the phone.
The researchers ran their app on eight different devices to test the differing levels of risk. The HTC EVO 4G was deemed to be the least secure, with Google’s Nexus S and Nexus One faring the best, but still being susceptible to some forms of attack.
watch the video for more info…
The manufacturers in question are aware of the issue, so expect to see fixes soon.
(via TheRegister)
Leave a Reply