Skip to main content

Cloak And Dagger Android Malware Owns Your Device And Your Life

Researchers at UC Santa Barbara and Georgia Tech have published details of a weakness in Android which could allow a hacker to take ownership of your phone, capture all of your input (including PINs and passwords) and make hay with the information captured.

The hack uses two permissions granted by default for Play Store installs and all versions up to and including Android 7.1.2 are affected.

Scary stuff.

Google has apparently updated its Play Store security tool to prevent installation of apps with this exploit, although there's no actual fix to the platform as yet.

This kind of weakness is likely to prove common on the Android platform and is a result of the openness of the platform and the ability to customise or change the way it looks or works to a much higher degree than iOS.

The worry is that if and when Google patches this vulnerability the number of devices which actually receive the update will be virtually none. 

No platform is completely secure, that much has become very clear over the last few years. Without an effective way of getting security updates out to all Android devices quickly and reliably, Google is doing the whole community a disservice.

Especially when you look at the timeline for the release of this news on the team's website. Here you'll find out that the Android team were made aware of this weakness in August last year but marked one attack vector as 'moderate' and one as 'works as intended'. That's some pretty shoddy review process on Google's part considering the potential impact to two billion customers.

And the real kicker, the team were able to deploy a proof of concept app to the Play Store, have it vetted and approved and be available for Android users to download within just a few hours. That POC app didn't even try to hide its malicious intent...

On the plus side, it's highly unlikely your Android phone or tablet has been compromised. That's a very small amount of consolation to take away from this whole mess though.


Popular posts from this blog

F1: Robert Kubica Impresses In Renault Test Run

The car may be old but its the performance of the driver that's the story here. Robert Kubica returned to F1, after a fashion, earlier this week with an extensive test run in a 2012 Lotus Renault F1 car at Valencia.
The age of the car and the circuit were likely determined by F1's current rules which ban testing, but the reason for Kubica being in the car is far more interesting. Considered by many to be a potential World Champion and certainly one of the fastest drivers of his generation, Kubica's F1 career seemed to be over after a 2011 crash whilst driving in the Rally of Andora. His Skoda Fabia was penetrated by a guardrail in the high speed accident partially severing his right arm.
Up until last year Kubica has been competing in rallying, with the expectation that the limited movement in his repaired arm would prohibit a return to single seater racing.
So this week's test is both interesting and confusing. Interesting because Kubica completed 115 laps of the ret…

F1: Robert Kubica's Williams Test Asks More Questions Than It Answers

Comparing driver's times at a tyre evaluation test like last week's Abu Dhabi event is difficult at the best of times, but when trying to assess the performance of a driver who has been out of the sport for six years, that difficulty level is raised even higher.
On the face of it Robert Kubica's test for Williams was a success. Fastest of the three Williams drivers present the headlines look promising. However, taking into consideration the different tyres used to set those times muddies the water considerably.
Kubica ran a three lap qualifying simulation on the new 'hyper-soft' tyre - which should have given him a two-second advantage. Correcting for tyres it would appear that Kubica was significantly slower than Sergei Sorotkin - who was on the harder 'soft' tyre - and marginally quicker than Lance Stroll, the team's only contracted driver.

Stroll's family fortune currently funds Williams, so there' no chance that he will be anywhere but in a…

Panos Panay's Defence Of Microsoft Surface Hardware Sounds Eerily Familiar

This weekend I went out with my ten year old daughter to select a laptop for her school year beginning in January. The schools requirements are quite specific, requiring a Windows 10 device, with a preference for a touchscreen and a stylus. She chose a Surface Pro, after trying a large number of different options. Having seen the way I use my own Surface Pro - and tried it herself there was only ever going to be two options - and the other was a Surface Laptop.
I tell you this so that you understand I am a buyer of Microsoft's products through choice, not compulsion. I'm on my third Surface device now. 
So when Panos Panay dismissed reports of the death of the Surface hardware line, I was very interested to see exactly how strong these denials were. Especially how they reflect what has gone before. To whit: Windows 10 Mobile.
Panay claimed that Microsoft is in hardware for the long haul. Almost exactly mirroring the words of Terry Myerson, when he claimed Windows Mobile was g…