GO
Loading...

Questions Arise About Google Android Security Risks

Certain smartphone models running Google’s Android operating system have security flaws that could allow hackers to steal personal information or record conversations, researchers said this week.

Motorola Droid X
AP
Motorola Droid X

In a demonstration at the Black Hat security conference in Abu Dhabi, a UK researcher showed how a vulnerability in the web browser on an HTC Android phone allowed him to install an application that gave him broad control over the phone.

Another method of attack is to get a user to install a seemingly harmless application, which can then be used to access data. The researcher from MWR InfoSecurity showed that the application could re-install itself with greater privileges and give a hacker broad powers, including recording.

The Black Hat presentation was the latest in a series of findings in the past two weeks raising concerns about the security of Android phones, which have overtaken those made by Apple to claim 25 per cent of the global market in the third quarter, according to Gartner.

Another team presented a similar scenario at a security conference in Oregon, using what appeared to be an innocuous application for a popular game – Angry Birds – that in turn installed malicious programs.

“We’ve begun rolling out a fix for this issue, which will apply to all Android devices,” Google said.

“As always, we advise users to only install applications they trust.”

While there have been few reports of criminals using such techniques yet, experts said it was only a matter of time.

Some of the demonstration code produced by researchers is circulating, while a recent analysis of the Android kernel – the core of the operating system – turned up scores of critical bugs, as first reportedby the Financial Times.

Most of the attack techniques that have been made public, including those shown at Black Hat, do not work on the latest edition of Android, called version 2.2.

The MWR researcher, a browser expert who uses only the first name Nils, agreed that Google could easily fix the holes he used to break into Android.

But he said that Google’s fragmented model of distribution, which includes multiple handset manufacturers and many carriers, means that some owners of older Android phones will remain exposed for an extended period.

Symbol
Price
 
Change
%Change
GOOGL
---

Featured

Contact U.S. News

  • CNBC NEWSLETTERS

    Get the best of CNBC in your inbox

    › Learn More

Don't Miss

U.S. Video

  • CNBC's Kate Kelly reports on Bill Ackman's presentation on Herbalife. Perhaps he over-hyped this, says Kelly. And Herb Greenberg, Herb Greenberg's Reality Check editor, shares his thoughts on what's likely driving Herbalife's trading action.

  • Waylynn Lucas of CNBC's "Restaurant Startup" takes us to one of her favorite restaurants, Trois Mec for a cooking demo with celebrity chef, Ludo Lefebvre.

  • CNBC's Phil LeBeau reports the government has issued a notice to all U.S. airlines prohibiting them from flying to or from Tel Aviv for the next 24 hours.