Not one but two new security threats have been revealed by researchers this week, putting as many as 90 percent of the world's smartphones at risk of data and password theft. In some cases the hackers could even take full control of your device.
The first flaw was found by Accuvant, a Denver-based company, and is said to affect Apple, Android and BlackBerry devices, among others. Because these devices implement what the company calls “an obscure industry standard” that controls how everything from network connections to user identities is managed, everything is at risk.
The threat could enable attackers to remotely wipe devices, install malicious software, access data and run applications on smartphones, Mathew Solnik, a mobile researcher with Denver-based cyber security firm Accuvant, said in a phone interview with Reuters.
The second threat was found by researchers at Bluebox Security of San Francisco. It specifically affects devices running older Android software, up to three-quarters of them. The researchers have dubbed it the “Fake ID” vulnerability because it allows malicious applications to play a trick on trusted software signatures without any user notification.
“Essentially anything that relies on verified signature chains of an Android application is undermined by this vulnerability,” Bluebox said in a statement, referring to devices built before Google updated its core software late last year.
Both research groups will present their findings during next week’s Black Hat hacking conference in Las Vegas. Accuvant stressed in a comment that the flaw it had discovered in the management software remained a remote risk for most people. Only a few experts worldwide would know how to exploit it.
An Apple spokesman declined immediate comment, while a BlackBerry representative said they were already working closely with Accuvant and were seeking more details.
Google declined to comment on the vulnerability discovered by Accuvant, but said it had quickly distributed a patch to Android phone makers on learning of the issue from Bluebox. It also said it had scanned the entire Android Marketplace and found no risk to users.
Thank you, Reuters, for providing us with this information.