Featured Articles

5th Generation Broadwell 14nm family comes in three lines

5th Generation Broadwell 14nm family comes in three lines

Intel's 5th Core processor family, codenamed Broadwell, will launch in three lines for the mobile segment. We are talking about upcoming…

More...
Broadwell Chromebooks coming in late Q1 2015

Broadwell Chromebooks coming in late Q1 2015

Google's Chromebook OS should be updating automatically every six weeks, but Intel doesn't come close with its hardware refresh schedule.

More...
New round of Nexus phone rumour kicks off

New round of Nexus phone rumour kicks off

Rumours involving upcoming Nexus devices are nothing uncommon, but this year there is a fair bit of confusion, especially on the…

More...
Nvidia officially launches the 8-inch Shield Tablet

Nvidia officially launches the 8-inch Shield Tablet

As expected and reported earlier, Nvidia has now officially announced its newest Shield device, the new 8-inch Shield Tablet. While the…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 21 February 2014 09:41

Android hit by nasty malware

Written by Nick Farrell



Which is 14 months old

The ability of Google to make sure that its Android code is properly patched is being questioned after hackers used a 14 month old vulnerability to do some serious damage. Using the Metasploit framework, the critical Android vulnerability gives attackers a point-and-click interface for hacking a majority of smartphones and tablets that run the Google operating system.

However, what is alarming is that the hole that the exploit uses has been known about by Google for more than 14 months. The critical bug is in Android's WebView programming interface and gives attackers remote access to a phone's camera and file system, SD card contents, and address books. Google patched the vulnerability in November with the release of Android 4.2, but according to the company's figures, the fix is only installed on well under half of the handsets it tracks.

Tod Beardsley, a researcher for Metasploit maintainer Rapid7 vendors need to move towards ensuring that single-click vulnerabilities like this don't last for 93+ weeks in the wild. Yesterday US Civil liberties advocates have asked the US Federal Trade Commission to take action against the nation's four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities.

The request for investigation and complaint for injunctive relief was filed Tuesday by the American Civil Liberties Union against AT&T, Verizon Wireless, Sprint Nextel, and T-Mobile USA.

blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments