Hacking experts find new ways to attack Android phones

Advertisement
By Reuters | Updated: 26 July 2012 10:28 IST
Hacking experts on Wednesday demonstrated ways to attack Android smartphones using methods they said work on virtually all such devices in use today, despite recent efforts by search engine giant Google to boost protection.

Experts showed off their prowess at the Black Hat hacking conference in Las Vegas, where some 6,500 corporate and government security technology workers gathered to learn about emerging threats to their networks.

"Google is making progress, but the authors of malicious software are moving forward," said Sean Schulte of Trustwave's SpiderLabs.

Advertisement

Google spokeswoman Gina Scigliano declined to comment on the security concerns or the new research.

Accuvant researcher Charlie Miller demonstrated a method for delivering malicious code to Android phones using a new Android feature known as near field communications.

Advertisement

"I can take over your phone," Miller said.

Near field communications allow users to share photos with friends, make payments or exchange other data by bringing Android phones within a few centimeters of similarly equipped devices such as another phone or a payment terminal.

Advertisement

Miller said he figured out how to create a device the size of a postage stamp that could be stuck in an inconspicuous place such as near a cash register at a restaurant. When an Android user walks by, the phone would get infected, said Miller.

He spent five years as a global network exploit analyst at the U.S. National Security Agency, where his tasks included breaking into foreign computer systems.

Advertisement

"Wild west"
Miller and another hacking expert, Georg Wicherski of CrowdStrike, have also infected an Android phone with a piece of malicious code that Wicherski unveiled in February.

That piece of software exploits a security flaw in the Android browser that was publicly disclosed by Google's Chrome browser development team, according to Wicherski.

Google has fixed the flaw in Chrome, which is frequently updated, so that most users are now protected, he said.

But Wicherski said Android users are still vulnerable because carriers and device manufacturers have not pushed those fixes or patches out to users.

Marc Maiffret, chief technology officer of the security firm BeyondTrust, said: "Google has added some great security features, but nobody has them."

Experts say iPhones and iPads don't face the same problem because Apple has been able to get carriers to push out security updates fairly quickly after they are released.

Two Trustwave researchers told attendees about a technique they discovered for evading Google's "Bouncer" technology for identifying malicious programs in its Google Play Store.

They created a text-message blocking application that uses a legitimate programming tool known as java script bridge. Java script bridge lets developers remotely add new features to a program without using the normal Android update process.

Companies including Facebook and LinkedIn use java script bridge for legitimate purposes, according to Trustwave, but it could also be exploited maliciously.

To prove their point, they loaded malicious code onto one of their phones and remotely gained control of the browser. Once they did that, they could force it to download more code and grant them total control.

"Hopefully Google can solve the problem quickly," said Nicholas Percoco, senior vice president of Trustwave's SpiderLabs. "For now, Android is the Wild West."

Copyright Thomson Reuters 2012

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Android, Google, Google Chrome, browser, iPad, iPhone
Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus Phones Will Soon Run on ColorOS 17 Instead of OxygenOS
  2. Apple Back to School Sale: Grab These Deals on MacBook, iPad Models
  3. Oppo, OnePlus Could Equip New Phones With a 10,000mAh Battery
  4. OnePlus Exits US, Europe, Continues Operations in India: 5 Things to Know
  5. Tecno Camon 50 Ultra 5G With a 6,500mAh Battery Debuts in India: See Price
  6. Infinix Xpad 30 Pro Retail Listing Reveals Specifications, Hints at Imminent Launch
  1. Samsung Patent Reportedly Shows Galaxy Z Flip Design With 360-Degree Fold, Curved Outer Display
  2. Apple May Introduce Vapour Chamber Cooling Across Foldable iPhone and Anniversary Models, Tipster Claims
  3. Google AI Mode Now Supports More Connected Apps Including YouTube Music for Everyday Tasks
  4. Tecno Camon 50 Ultra 5G Launched in India With 6,500mAh Battery, 50-Megapixel Cameras: Price, Specifications
  5. EU Regulator Exempts Smartwatches, Other Wearables From User-Replaceable Battery Mandate
  6. The Duskbloods' Closed Network Playtest Will Take Place in August, FromSoftware Confirms
  7. Skullcandy Crusher 1080 ANC Announced With With Bose Audio, Up to 60-Hour Battery: Price, Features
  8. Infinix Xpad 30 Pro Listed on Retail Website With 11-Inch 2.5K Display and 8,200mAh Battery
  9. iPad Mini With OLED Screen to Reportedly Launch in October as Apple Prepares Base iPad, iPad Air Refreshes
  10. Google Rebrands NotebookLM as Gemini Notebook; Brings Cloud Computing and Search Integration
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.