Crisis Management for Scary Android Security Flaw

Major threat to popular mobile operating system

It doesn’t get much scarier than this. Bluebox Security claimed to have discovered a vulnerability in Android’s security model that could allow attackers to convert 99 percent of all applications into Trojan malware. Google has told ZDNet that the hole has been patched and that it has been released to original equipment manufacturers (OEM)s.

Bluebox Security CTO Jeff Forristal had said that this Master Key vulnerability has been “around at least since the release of Android 1.6, [and] could affect any Android phone released in the last four years — or nearly 900 million devices.”

This quote, from a ZDNet blog post by Steven Vaughn-Nichols, explains the scary security flaw that leaves nearly every Android phone vulnerable to certain types of attacks. While official app downloads through the Google Play store aren’t a concern, those aquired from just about anywhere else have the potential to be hidden threats which could allow hackers full access to your Android device.

Google’s Android team is actually rather adroit at crisis management, and found a fix for this security flaw soon after being informed by Bluebox. Problem is, Android is only an operating system, meaning it’s up to each device’s manufacturer to push Google’s fix out to their customers. Of course, to our great shock (sarcasm very much intended), many have still neglected to do so.

The skyrocketing popularity of mobile devices makes them popular targets for hackers seeking to steal corporate secrets, blackmail for profit, or simply ruin someone’s day. Run malware scanning software whenever possible, stay on top of news related to the brands and operating systems you use, and don’t make the common mistake of delaying security patches that are pushed through; it could make the difference between losing your data and shutting a hacker out.

The BCM Blogging Team
http://www.bernsteincrisismanagement.com/

Print Friendly

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>