Hacking expert says 12+ popular Android apps are vulnerable

Rating: Google says the bugs aren’t in the Android OS

There’s a bit of a dispute going on between a self-styled mobile security expert, Riley Hassell, and Google over potential vulnerabilities in the Android mobile OS. According to Reuters, Hassell, working with his colleague Shane Macaulay, claimed to have identified more than a dozen widely used Android applications that make the phones vulnerable to attack. However, the same report quotes Google spokesman Jay Nancarrow as saying that Android’s own security experts had discussed the research with Hassell and did not believe he had uncovered problems with Android. “The identified bugs are not present in Android,” Nancarrow said. Some observers are questioning whether the pair have really unearthed anything to worry about. GoMo News agrees with the sentiment that disclosing the holes in Android apps before there are fixes is a dangerous course of action.

Hassell and Macaulay between them run the company Privateer Labs and lay the responsibility for the alleged vulnerabilities firmly at the door of app developers.

“App developers frequently fail to follow security guidelines and write applications properly,” Hassell said. “Some apps expose themselves to outside contact.”

If such an app is vulnerable, then an attacker can remotely compromise both the app and the handset using something as simple as an SMS/text message.

Hassell revealed why he had not gone public with his discoveries by saying that, “When you release a threat and there’s no patch ready, then there is mayhem.”

He has declined to say which apps are at fault.

It seems, though, that Google is pretty confident that any vulnerabilities aren’t the result of bugs in its Android OS.

Which isn’t the same thing as saying that Android apps are safe.

This whole disclosure came about because the pair were due to speak in Las Vegas at the recent Black Hat hacking conference with a talk entitled, ‘Hacking Androids for Profit’.

Now the pair say they should reveal all at the Hack in The Box security conference in Kuala Lumpur in October [2011].

About Tony Dennis

Tony is currently Editor of GoMobile News. He has taken over this role from Bena Roberts.