September 09, 2015

Android has had the misfortune of having a few loopholes over the years. As newer versions are released to cover them, different ones are discovered that could still be deadly. The problem does not lie with Android alone, however; all operating systems have had security issues, from Microsoft to Apple. In fact, some of the deadliest vulnerabilities have been found on the iPhone, but I’m not pointing fingers.

Last year Android Lollipop was released, promising to be more secure. Android even made it a point to get companies onboard with Android for Work because they believed it was so secure. But, as with all things tech, vulnerabilities have been found, including some which were only recently discovered.

The ‘Certifi-gate’ mRST flaw

Discovered only a week ago by Check Point, this flaw allowed attackers complete remote control over your device. Handset makers (OEMs) usually add a ‘layer’ of their own software on top of Android to make it look different, like TouchWiz for Samsung and Sense for HTC. In this layer are two mobile Remote Support Tool (mRST) plugins, which attackers would exploit by sneaking a bogus app onto the device from the Play Store.

This threat has not yet been fixed. Although Google has already sent a patch to OEMs, it can’t do anything by itself because the error doesn’t lie on its part. Certifi-gate can affect all Android versions up to 5.1, and we just have to wait until Samsung releases some kind of patch.

‘Stagefright’ MMS flaw

This is a very serious flaw and also affects all devices up to Android 5.1. Do you remember MMS? That feature to send media via SMS? Most of us have forgotten it thanks to WhatsApp, Facebook and Skype, but hackers didn’t. Attackers can send you a video message which would then delete itself, so you wouldn’t even know it was there.

Also, just like Certifi-gate, we’re waiting for manufacturers to send the patches. In the meantime, some carriers have disabled automatic MMS retrieval to avoid accidentally receiving the virus.

What to do

Right now, we’re all waiting for word from Google and our carriers. In the past, these flaws have taken weeks before being addressed, and I suspect the same for these two. But with the imminent release of Android Marshmallow, we’re more likely to just get the patches that way. Also, there are many more flaws affecting Android, but the rest of them affect earlier Android versions. So I guess in some way, Lollipop really is secure, only 2 errors!