Android flaw exposes ‘99% of handsets’ to attack
Four-year-old security vulnerability revealed; Google says no evidence of exploits
Another security vulnerability in Google's Android operating system emerged over the weekend, this time courtesy of mobile security specialist Bluebox Security, which said the flaw had been around since v1.6 in 2009.
Despite Bluebox having told Google about the hole in February and the Web giant and hardware partner Samsung having both released patches (according to the Wall Street Journal) Bluebox insisted on Wednesday that there was still a problem.
Android is the world's largest mobile operating system by number of handsets sold and Bluebox suggested that the vulnerability existed on 99% of devices on which the OS resided.
"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," Bluebox said.
Trojan applications on mobile phones have a wide range of capabilities, depending on whether or not they root the phone (the equivalent for Android of jail-breaking on iOS). In extreme cases, attackers can track the phone via its GPS capabilities and even hijack the microphone to record conversations in proximity to the handset.
Google said on Friday it had searched Google Play and found no evidence that the vulnerability had been exploited.