Saturday, 25 February 2012

Android bug can lead hackers to grab total control of your phone


Clicking on a link in an email that appears to be from a trusted source could lead hackers to take control of your Android handset. A flaw in a component of the open source OS is at fault according to cybersecurity firm CrowdStrike.  Once the link is pressed, the virus takes over the phone allowing the hacker to listen in on phone calls and monitor the location of the phone. It is at this point that the hacker has complete control of the phone.
Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, said he researched the problem to point out how mobile devices can be vulnerable to these attacks by hackers. It is the same MO used by hackers on desktop computers. First, find an unknown vulnerability in software, and then take advantage of it by sending malware that is activated via an emailed link or attachment. Alerovitch said, "With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices."  

The software used by CrowdStrike to simulate the flaw will attack those phones running Android 2.2, which is 28% of the Android market currently. Next week, the firm says it will have a version of the software that can attack another 59% of Android models, those running Android 2.3. The flaw in the software can be traced to the WebKit browser on the phone.

Back in 2009, a pair of researchers, sent malicious code via text messages on the Apple iPhone. Apple quickly repaired the problem after it was publicized. Hopefully for Android users, Google will be able to do the same.