Home / / Android flaw exposes ‘99% of handsets’ to attack

Android flaw exposes ‘99% of handsets’ to attack

Four-year-old security vulnerability revealed; Google says no evidence of exploits

Android flaw exposes ‘99% of handsets’ to attack
Bluebox said the flaw has been around since Android v1.6 in 2009.

Another security vulnerability in Google's Android operating system emerged over the weekend, this time courtesy of mobile security specialist Bluebox Security, which said the flaw had been around since v1.6 in 2009.

Despite Bluebox having told Google about the hole in February and the Web giant and hardware partner Samsung having both released patches (according to the Wall Street Journal) Bluebox insisted on Wednesday that there was still a problem.

Android is the world's largest mobile operating system by number of handsets sold and Bluebox suggested that the vulnerability existed on 99% of devices on which the OS resided.  

"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," Bluebox said.

Trojan applications on mobile phones have a wide range of capabilities, depending on whether or not they root the phone (the equivalent for Android of jail-breaking on iOS). In extreme cases, attackers can track the phone via its GPS capabilities and even hijack the microphone to record conversations in proximity to the handset.

Google said on Friday it had searched Google Play and found no evidence that the vulnerability had been exploited.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.