view counter

CybersecurityTwo major security vulnerabilities found in majority of world’s smartphones

Published 13 August 2014

Researchers have uncovered two major vulnerabilities in smart phones from manufacturers including Apple, Google Android, and Blackberry, among others. These flaws could put up to 90 percent of the world’s two billion smartphones at risk for stolen data, password theft, and the potential for hackers even to take control of the device.

This week, researchers at Denver, Colorado-based Accuvant and Bluebox Security in San Francisco have uncovered two major vulnerabilities in smart phones from manufacturers including Apple, Google Android, and Blackberry, among others.

As Insurance Journal reports, these flaws could put up to 90 percent of the world’s two billion smartphones at risk for stolen data, password theft, and the potential for hackers even to take control of the device.

Accuvant found an “obscure industry standard” which maps out how the full range of controls can be manipulated from an outside source.

Matthew Solnik, a researcher with the firm, said, “The threat could enable attacker to remotely wipe devices, install malicious software, access data and run applications.”

Separately, Bluebox Security discovered what it termed “Fake ID,” a vulnerability which “allows malicious applications to trick trusted software from Adobe, Google and others on Android devices without any user notification,” according to the company’s press release.

The Journal adds that these new discoveries come in the wake of the scrambling of the worldwide smartphone industry to cover and respond to many glaring security flaws in their products.

Christina Richmond, a security services analyst with the intelligence firmIDC, said that “detecting these vulnerabilities is positive in that the phone industry has a chance to act on these finding before they can be exploited by bad actors.”

She also echoed the sentiment that part of the blame rests on the users, who may be more at risk if they do not adequately update their software.

“These security threats have become everyday issues for billions of smartphone users worldwide. Mr. and Mrs. End User needs to understand the risk of not updating their phone’s software.”

Both research groups presented their findings at the Black Hat hacking conference in Las Vegas.

Apple, Google, and Blackberry have declined to comment on the information.

view counter
view counter