Android permissions flaw allows eavesdropping, data theft, location tracking

“Researchers have found multiple holes in Android phones’ permissions-based security that would allow a hacker to snatch data, monitor geolocation, send SMS messages, and even eavesdrop on conversations,” Lisa Vaas reports for Naked Security. “A group of security researchers from North Carolina State University found the glitches in eight handsets from HTC, Motorola, Samsung and Google.”

“The glitchy code lies within interfaces and services added by the phone manufacturers to beef up stock firmware from Google,” Vaas reports. “These capability leaks constitute ‘a tangible security weakness for many Android smartphones in the market today,’ they said. And, they added, the snazzier the phone, the buggier the picture, given that the more pre-loaded apps are present, the more likely the gadget is to have explicit capability leaks.”

These are the eight Android smartphones they tested and found to be at risk:

* Legend
* EVO 4G
* Wildfire S

* Droid
* Droid X

* Epic 4G

* Nexus One
* Nexus S

Read more in the full article here.

[Thanks to MacDailyNews Reader “proudy.timms” for the heads up.]

Related articles:
You bank on your pretend iPhone? Are you nuts?! Android malware up 472% since July – November 16, 2011
Android security threats surge with infected ‘Angry Birds’; iPhone and iPad users unaffected – November 15, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
McAfee: Google’s Android number one in malware – August 23, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.