The so-called “master key” allows hackers to access all sorts of personal information, the stuff usually only stolen by the federal government.
With 900 million devices potentially compromised by the “master key,” which is said to have been around since as early as 2009, this is a major blunder for Google Android developers.
With 900 million devices potentially compromised by the “master key,” which is said to have been around since as early as 2009, this is a major blunder for Google Android developers.
Jeff Forristal of Bluebox, the firm that revealed the existence of the key, said the implications of the discovery were “huge.”
“It can essentially take over the normal functioning of the phone and control any function thereof,” Forristal, who alerted Google of the key back in February, wrote on the firm’s blog.
Forristal then went on to write about exactly what this lapse in security could mean for Android users.
“Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed,” wrote Forristal. “The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls).
“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.”
While the Android platform has been praised for being more open-ended than Apple’s iOS, this is the result of having a lack of regulation.
While the Android platform has been praised for being more open-ended than Apple’s iOS, this is the result of having a lack of regulation.
No comments:
Post a Comment