Security vulnerabilities when used to a hacker’s advantage can do a number of things – including stealing or erasing all of a smartphone user’s personal data. According to recent news, mobile devices using Google’s Android OS are at risk of being disabled or wiped clean because of a security flaw that was discovered but not dealt with properly.
Richard Lardner of The Huffington Post covered this scary security threat:
“Opening a link to a website or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC, Motorola and Sony Ericsson, rendering the devices useless, computer security researcher Ravi Borgaonkar wrote in a blog post Friday. Another code that can erase a user’s data by performing a factory reset of the device appears to target only the newly released and top selling Galaxy S III and other Samsung phones, he wrote.
Borgaonkar informed Google of the vulnerability in June, he said. A fix was issued quickly, he said, but it wasn’t publicized, leaving smartphone owners largely unaware that the problem existed and how they could fix it.
Google declined to comment. Android debuted in 2008 and now dominates the smartphone market. Nearly 198 million smartphones using Android were sold in the first six months of 2012, according to the research firm IDC. About 243 million Android-equipped phones were sold in 2011, IDC said.
Versions of Android that are vulnerable include Gingerbread, Ice Cream Sandwich and Jelly Bean, according to Borgaonkar. He said the Honeycomb version of Android, designed for tablets, needs to be tested to determine if it is at risk as well.
Samsung, which makes most of the Android phones, said only early production models of the Galaxy S III were affected and a software update has been issued for that model. The company said it is conducting an internal review to determine if other devices are affected and what, if any, action is needed. Samsung said it is advising customers to check for software updates through the ‘Settings: About device: Software update’ menu available on Samsung phones.”
It looks like Android needs some broad security testing across carriers and devices. An important take away from this is when a security flaw is discovered post launch, it is important to publicize the fix. While you might think making all users aware of the risk could scare them of, it is better to make them aware of the risk and the security fix in order to maintain a level of trust.
For more information on security testing click here.