
Wednesday, December 14, 2011: A recent study conducted by North Carolina University reveals that it is not the Android operating system that is to blame for the security issues; it is the manufacturers of Android devices, whose modifications make the OS insecure. The report said that manufacturers' modifications of Android create a way for malicious apps to access information on your phone. These apps can also access personal information for which they do not have explicit permission from the user.
Researchers tested a number of leading Android handsets and discovered a vulnerability that allows hackers to access private data without the user's permission. The study revealed that such a loophole can easily help a malicious hacker wipe out your data, send SMS messages and even record your conversations on the affected phones. All this can happen without your permission.
It is worth mentioning here that Android apps use a permissions-based security system, unlike iOS which informs the user up-front what type of information the app may need to access. Users are given a choice to decide whether or not they want to install the app based upon the permissions granted.
The study found that the modification of Android by handset manufacturers creates a security hole in the permissions infrastructure of an Android phone that allows hackers to access personal information, or perform functions on the phone, even if an app doesn’t explicitly request permission to perform these activities.
According to a Digital Trends report, Xuxian Jiang, assistant professor of computer science at NCSU, said, “These features are standard and make the phone more user-friendly. They make the phones more convenient to use, but also more convenient to abuse.”
The devices found vulnerable in the study include the HTC Evo 4G, HTC Wildfire S, HTC Legend, Motorola Droid and Droid X, Samsung Epic 4G, Google Nexus One and Nexus S. Both Google and Motorola have responded to the researchers, confirming their discovery. According to the report, despite their findings, the researchers say that manufacturers should not necessarily be condemned for including these loopholes. In addition, they say all is not lost with Android’s permissions-based system.
The research team writes, “Though one may easily blame the manufacturers for developing and/or including these vulnerable apps on the phone firmware, there is no need to exaggerate their negligence. Specifically, the permission-based security model in Android is a capability model that can be enhanced to mitigate these capability leaks.”