This is the claim of a study by BlueBox security, a mobile security company which claims it has discovered a flaw in the operating system of almost all Google phones and tablets (which runs on the operating system Android) that allows hackers to modify its code in a way that "turns any legitimate application into a malicious Trojan" virus.
The company claims this vulnerability exists on any Android phone or tablet released over the last four years, affecting approximately 900 million devices.
According to the researchers the issue is central to Google's open source operating system and so far only one device has been patched.
The way it works:
Rather than creating a malicious app, cyber criminals wait for legitimate apps to be approved for sale and then go in and modify the code after and create an exploit that allows them to take over people's phones via the app.
This flaw would allow hackers to access your passwords, credit card information, emails, any information you store on your phone.
"The implications are huge!," Blue box wrote on its website.
"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet."
So far it appears though this flaw only affects non Google apps, considering the amount of third party apps that exist in the Google store that's hardly a paltry number. There is also no evidence that this flaw has been exploited by anyone.
Google declined to comment.
The claims come less than six months after it was revealed by a Sydney developer that every time you purchase an app on Google Play, your name, address and email is passed on to the developer.
Last year antivirus company Trend Micro recorded 350,000 security threats on Android devices.
So what can I do about this?
- Well, the news isn't good. Until further notice, news.com.au recommends that you don't download any non-Google apps.
- Bluebox has recommended that users update their operating system to the latest version.
- Also, if you have any apps which store your personal information such as credit card or PayPal information (like eBay, Amazon or Etsy), you should remove this information immediately.
- Remove any personal information from your phone (do you have your credit card pin stored in your notes? Get rid of it).
heraldsun.com.au 5 July 2013
No comments:
Post a Comment