Featured Articles

HP Stream is a Chromebook killer priced at $200

HP Stream is a Chromebook killer priced at $200

We have been hearing reports of a new breed of affordable Windows notebooks for months. It is alleged that a number…

More...
AMD Radeon R7 SSD line-up goes official

AMD Radeon R7 SSD line-up goes official

AMD has officially launched its first ever SSDs and all three are part of AMD’s AMD Radeon R7 SSD series.

More...
KitKat has more than a fifth of Android users

KitKat has more than a fifth of Android users

Android 4.4 is now running on more than a fifth of Android devices, according to Google’s latest figures.

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 21 February 2014 09:41

Android hit by nasty malware

Written by Nick Farrell



Which is 14 months old

The ability of Google to make sure that its Android code is properly patched is being questioned after hackers used a 14 month old vulnerability to do some serious damage. Using the Metasploit framework, the critical Android vulnerability gives attackers a point-and-click interface for hacking a majority of smartphones and tablets that run the Google operating system.

However, what is alarming is that the hole that the exploit uses has been known about by Google for more than 14 months. The critical bug is in Android's WebView programming interface and gives attackers remote access to a phone's camera and file system, SD card contents, and address books. Google patched the vulnerability in November with the release of Android 4.2, but according to the company's figures, the fix is only installed on well under half of the handsets it tracks.

Tod Beardsley, a researcher for Metasploit maintainer Rapid7 vendors need to move towards ensuring that single-click vulnerabilities like this don't last for 93+ weeks in the wild. Yesterday US Civil liberties advocates have asked the US Federal Trade Commission to take action against the nation's four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities.

The request for investigation and complaint for injunctive relief was filed Tuesday by the American Civil Liberties Union against AT&T, Verizon Wireless, Sprint Nextel, and T-Mobile USA.

blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments