Researchers have created an app which could enable a hacker to install and run corrupt code on an Android device.
Security firm ViaForensics says that the application bypasses the mobile operating system’s security permissions to give its creators access to an infected device.
The application exploits Android’s permissions system which is designed to give users control over what capabilities an app can perform. Researchers tested the app, which is not available in the Android Market, on all versions of Android from 1.5 to 4.0 Ice Cream Sandwich and successfully exploited the loophole in all cases.
“We are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel,” said ViaForensic’s director of researchand development, Thomas Cannon.
“In this demonstration, Android’s power and flexibility were perhaps also its downfall. Other smartphone platforms may not offer the controls we are bypassing at all, and the multi-tasking capabilities in Android allowed us to run the attack almost transparently to the user,” he added.
The news is a blow for Google’s mobile operating system, which has proved popular with consumers. However, despite having over 200,000 apps on the Android Market, it has proved less popular with developers, who prefer to develop for Apple’s App Store, which currently boasts over 425,000 apps and has passed the 15 billion download milestone.
This is due to the fragmented nature of the Android eco-system, the fact that iOS apps generate more revenue and security concerns, which have plagued the platform.
Earlier this month, Google was forced to remove 22 malicious apps from the Android Market. These apps posed as free versions of popular games which sent SMS messages to premium rate phone numbers when launched.
In March it removed 50 malicious apps from the Android market, making use of the remote kill feature which removed the apps from infected devices, while in June, it removed 10 spyware applications.
Security researchers have warned that such instances are likely to become more common as malware developers increasingly target the mobile operating system.
E-commerce giant faces another unionisation move, with workers at North Carolina warehouse set to vote…
Supreme Court in US on Friday is to hear oral arguments that could well decide…
Jeff Bozos challenge to SpaceX's Falcon-9 heavy lift rocket, the New Glenn rocket, to make…
As US ban looms this month, TikTok faces a buyout offer for its US assets…
Bending the knee continues from the tech industry, as Alphabet's Google becomes latest to make…
Software and cloud giant Microsoft confirms it is cutting a small percentage of jobs across…