GO
Loading...

Questions Arise About Google Android Security Risks

Joseph Menn, Financial Times
Friday, 12 Nov 2010 | 1:40 PM ET

Certain smartphone models running Google’s Android operating system have security flaws that could allow hackers to steal personal information or record conversations, researchers said this week.

Motorola Droid X
AP
Motorola Droid X

In a demonstration at the Black Hat security conference in Abu Dhabi, a UK researcher showed how a vulnerability in the web browser on an HTC Android phone allowed him to install an application that gave him broad control over the phone.

Another method of attack is to get a user to install a seemingly harmless application, which can then be used to access data. The researcher from MWR InfoSecurity showed that the application could re-install itself with greater privileges and give a hacker broad powers, including recording.

The Black Hat presentation was the latest in a series of findings in the past two weeks raising concerns about the security of Android phones, which have overtaken those made by Apple to claim 25 per cent of the global market in the third quarter, according to Gartner.

Another team presented a similar scenario at a security conference in Oregon, using what appeared to be an innocuous application for a popular game – Angry Birds – that in turn installed malicious programs.

“We’ve begun rolling out a fix for this issue, which will apply to all Android devices,” Google said.

“As always, we advise users to only install applications they trust.”

While there have been few reports of criminals using such techniques yet, experts said it was only a matter of time.

Some of the demonstration code produced by researchers is circulating, while a recent analysis of the Android kernel – the core of the operating system – turned up scores of critical bugs, as first reportedby the Financial Times.

Most of the attack techniques that have been made public, including those shown at Black Hat, do not work on the latest edition of Android, called version 2.2.

The MWR researcher, a browser expert who uses only the first name Nils, agreed that Google could easily fix the holes he used to break into Android.

But he said that Google’s fragmented model of distribution, which includes multiple handset manufacturers and many carriers, means that some owners of older Android phones will remain exposed for an extended period.

  Price   Change %Change
GOOGL
---

Featured

Contact U.S. News

  • CNBC NEWSLETTERS

    Get the best of CNBC in your inbox

    › Learn More

Don't Miss

U.S. Video

  • CNBC's David Faber and Carl Icahn, chairman, Icahn Enterprises, discuss corporate boards, a dysfunctional system, his impact as an activist investor and why what he does is important, as well as the use of poison pills to fend off activists. He also finds himself in the unusual position of defending Bill Ackman's recent efforts to partner with Valeant and acquire Allergan.

  • Discussing new technology in the Permian, growing market in North America, and higher earnings, with Dave Lesar, Halliburton chairman, president and CEO.

  • Paul Raines, GameStop CEO, discusses how its leadership in digital sales, market share, and ability to drive loyalty with rewards propels consumers to stay with the gaming store.