An Android smartphone data security warning has recently been issued by IBM’s X-Force Application Security Research Team. Check Point has also discovered Android security vulnerabilities that have the potential to be exploited by hackers. The new security vulnerabilities have been discovered in the operating system, with IBM’s warning suggesting as many as 55% of Android phone users could be affected by the security flaw.
The warning came just a few days after Check Point discovered new flaws in Android phones that have the potential to affect millions of users around the world.
One of the problems with Android smartphone data security stems from the software installed on the devices by manufacturers. This software cannot be uninstalled without first rooting the device, and even then it is not always possible to remove it. According to the researchers, that software often contained security flaws, and even when flaws were identified, they were not being addressed with frequent updates. Phone manufacturers have recently taken action to address the security risks. Samsung and LG made the decision to start issuing updates on a monthly basis. Google also announced that monthly updates would commence to address the Android device security risks.
IBM’s Android smartphone data security warning came after a single vulnerability was discovered, albeit a very serious one. The flaw – affecting Android 4.3-5.1 – would allow a hacker to take full control of the device. Privileges could be escalated, allowing malicious code to be remotely installed.
According to one of the team’s researchers, “In a nutshell, advanced hackers could exploit this arbitrary code execution vulnerability to give a malicious app, with no privileges, the ability to become a super app and help the hackers own the device.”
The security flaw affects OpenSSLX509Certificate and can be used to exploit vulnerabilities in a communication channel between apps and services. Shell commands can be used to access data accessible through the phones, and not only the data stored on them. Users would be unaware that their phone had been hacked, and legitimate apps could potentially be replaced with versions that log and record all data entered. The Facebook mobile app, for instance, could be replaced with a version that delivered all entered data directly to hackers. With that information, it would be very easy for a hacker to conduct a highly convincing spear phishing campaign to gain other passwords and login information.
Check Point’s Android smartphone data security warning concerns Samsung, HTC, LG and ZTE devices. The so-called Certifigate vulnerability the company discovered would allow hackers to hijack the phone remotely and log information entered into the device. The device could then be used to spy on the user.
BlackBerry and Apple devices do not have the same issues because both companies have developed their own software that runs on hardware the companies developed. The message to healthcare providers considering buying smartphones for their employees is therefore to choose one of those companies and avoid Android altogether, regardless of the cost advantages offered by Android devices.