NEW YORK – Android phones can be infected just by receiving a picture via text message, according to a study published Monday.
This is perhaps the most serious smartphone flaw discovered to date, affecting an estimated 950 million phones worldwide, about 95% of the Android devices in use.
The problem stems from the way that Android phones analyze incoming text messages. Even before opening a message, the phone automatically processes multimedia attachments, including images, audio or video.
That means a malware-laden file can begin infecting the phone as soon as it is received, warns Zimperium, a cybersecurity company that specializes in mobile devices.
This Android vulnerability resembles the recent hack that hit Apple phones via a text message.
But in that case, a text message froze the iPhone or turned it off. This Android flaw is worse, because a hacker could gain full control of the phone: wipe the device, access applications or secretly turn on the camera.
In a statement to CNNMoney, Google acknowledged the flaw and said that Android has ways to limit a hacker's access to separate applications and phone features. However, hackers have been able to overcome these barriers in the past.
The flaw affects any phone running Android software made in the last five years, according to Zimperium. This includes devices running the Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop versions (Google names its Android versions after desserts, in alphabetical order).
Zimperium said it warned Google about the flaw on April 9 and even provided a fix. The company says that Google responded the next day and said it would soon make a patch available to customers.
Generally, in these situations, companies have a grace period of 90 days to issue a patch or fix. It is a rule that even Google abides by when it finds flaws in other software.
But it’s been 109 days and the patch is not widely available. So Zimperium made the news public.
The question now is how quickly Google will fix this for everyone affected. While Apple can push changes to all iPhones, Google cannot.
Google is known to have a broken distribution system. There are several intermediaries between Google and its users, and these typically delay the release of new software. There are phone carriers, like AT&T and Verizon, and device manufacturers, such as Samsung, and they all need to work together to issue software updates.
Google told CNNMoney that the patch has already been sent to its “partners”. However, it is unclear whether any of them have passed it on to users.
For the same reason, Google puts its own Nexus phones first in line to receive updates.
This might be a case that shows why it is so important to receive updates quickly.
Chris Wysopal is an experienced hacker who now works at the cybersecurity firm Veracode. He says this flaw is the Android version of ‘Heartbleed’, a devastating vulnerability that put millions of computer networks at serious risk last year.
“I want to see if Google comes up with a way to update devices remotely. Unless they can do that, we have a big mess on our hands,” he said.