Featured Articles

Intel refreshes CPU roadmap

Intel refreshes CPU roadmap

Intel has revealed an update to its CPU roadmap and some things have changed in 2015 and beyond. Let’s start with the…

More...
Hands on: Nvidia Shield Tablet with Android 5.0

Hands on: Nvidia Shield Tablet with Android 5.0

We broke the news of Nvidia's ambitious gaming tablet plans back in May and now the Shield tablet got a bit…

More...
Nokia N1 Android tablet ships in Q1 2015

Nokia N1 Android tablet ships in Q1 2015

Nokia has announced its first Android tablet and when we say Nokia, we don’t mean Microsoft. The Nokia N1 was designed…

More...
Marvell launches octa-core 64-bit PXA1936

Marvell launches octa-core 64-bit PXA1936

Marvell is better known for its storage controllers, but the company doesn’t want to give up on the smartphone and…

More...
Nvidia GTX 970 SLI tested

Nvidia GTX 970 SLI tested

Nvidia recently released two new graphics cards based on its latest Maxwell GPU architecture, with exceptional performance-per-watt. The Geforce GTX 970…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 21 February 2014 09:41

Android hit by nasty malware

Written by Nick Farrell



Which is 14 months old

The ability of Google to make sure that its Android code is properly patched is being questioned after hackers used a 14 month old vulnerability to do some serious damage. Using the Metasploit framework, the critical Android vulnerability gives attackers a point-and-click interface for hacking a majority of smartphones and tablets that run the Google operating system.

However, what is alarming is that the hole that the exploit uses has been known about by Google for more than 14 months. The critical bug is in Android's WebView programming interface and gives attackers remote access to a phone's camera and file system, SD card contents, and address books. Google patched the vulnerability in November with the release of Android 4.2, but according to the company's figures, the fix is only installed on well under half of the handsets it tracks.

Tod Beardsley, a researcher for Metasploit maintainer Rapid7 vendors need to move towards ensuring that single-click vulnerabilities like this don't last for 93+ weeks in the wild. Yesterday US Civil liberties advocates have asked the US Federal Trade Commission to take action against the nation's four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities.

The request for investigation and complaint for injunctive relief was filed Tuesday by the American Civil Liberties Union against AT&T, Verizon Wireless, Sprint Nextel, and T-Mobile USA.

blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments