According to scientists from North Carolina State
University, this can be done on Samsung, Motorola
and HTC Google handsets because they contain code that exposes powerful
capabilities to untrusted apps.
Apparently apps can bypass security defences that ask users
to give their permission before an app is given access to personal information.
The code is found in the interfaces and services that handset makers add to
enhance Google's stock firmware.
"We believe these results demonstrate that capability
leaks constitute a tangible security weakness for many Android smartphones in
the market today," researchers wrote in a paper due to be presented at
next year's Network and Distributed System Security Symposium.
"Particularly, smartphones with more pre-loaded apps tend to be more
likely to have explicit capability leaks."
The researchers found that the HTC Evo device was the
worst, leaking eight functions. Right behind it was the HTC Legend with six
leaks. Google's Nexus One and Nexus S each contained one leak.
Android's security credentials have been under the
spotlight lately. Yesterday, F-Secure's Mikko Hypponen said the Android
operating system could be "the [Windows] XP of the future" in terms
of security weaknesses.
Hypponen told The INQUIRER that Android's security weakness
will increase due to its position as the most popular operating system (OS) for
mobile phones.
According to Hypponen, Android is "more open to
different risks" because it is itself such an open OS. He said, "If
you look at the growth of Android it's growing enormously and this reminds me
of where we've been over the last 10 years."
"Windows XP is the weakest computer OS because it's
the biggest - it's going to be the easiest to attack. I'm afraid Android will
be the Windows XP of the future so it's likely to repeat."
However, with no disrespect to Mikko Hypponen, The INQUIRER
must still observe that Microsoft's Windows XP is vulnerable primarily because
it is fundamentally insecure by design, and that Google has an opportunity to
avoid this in its Android operating system.
By Rizky Amalia Pramesti - 125150200111084
No comments :
Post a Comment