Android version 2.3 contains a data leak vulnerability, similar to that found in previous versions. A computer security researcher at NC State University, Xuxian Jiang, has identified a security vulnerability in the latest version of Google Android, version 2.3, also known as Gingerbread. The vulnerability gives attackers access to user data – similar to a vulnerability identified in previous iterations of Android, which Google thought it had fixed with the latest version. Basically, simply by clicking on a link, Android users may give attackers access to personal information. If exploited, the vulnerability would allow a malicious Web site to read…

Adobe have recently announced that there is a security vulnerability in some of their software, including Flash for Android, in particular Adobe Flash Player 10.1.95.2 and earlier versions. It is worth noting that Adobe is not currently aware of attacks targeting Flash, but our advice is to be safe and switch to on-demand plugins (Settings -> Enable Plug-ins -> On Demand). This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe…

It’s a session of good news from Adobe right now. Not only have they fixed the security vulnerability affecting Android devices with Flash, but they may also be set to release a version of Adobe AIR for Android in the not too distant future. I am often asked what Adobe AIR actually is, in particular by gadget enthusiasts who are not super technical. Adobe AIR isn’t just a catchy name; AIR actually stands for something: Adobe Integrated Runtime (AIR). So, Adobe Integrated Runtime is an environment that allows one piece of code written on a Windows machine to run perfectly…

Kaspersky Lab, a firm specializing in security development, confirmed that it detected the first Trojan SMS app for Android smartphones. The app, called Trojan-SMS.AndroidOS.FakePlayer.a, is disguised as a media player and prompts users to install its 13KB .APK application file. The Trojan is SMS-based and sends text messages to premium messaging service phone numbers, which results in large phone bills.

At a recent software security conference called Def Con, Nicholas Percoco, head of Spider Labs, basically revealed how easy it is for an Android hacker to grab hold of your personal information and SMS, make calls and even grab your location. The whole thing allegedly took them two weeks to build. “There are people who are much more motivated to do these things than we are,” he added. The demonstration of the attack took place on HTC Legend and Desire smartphones. Of course, the point is that it could be conducted on any Android phone. According…

Over the last few days there have been a number of blog posts and reports stating that ‘20% of Android Applications threaten privacy’ or ‘pose a potential privacy threat’. These sensational headlines came about after SMobile Systems published a white paper stating that this was the case (having done research to prove it). What has subsequently become clear is that SMobile Systems’ President and Vice President of Operations are former AT&T employees. As you will know, AT&T have the iPhone and Android is a significant competitor. Furthermore, SMobile Systems sell software for Android which protects against security threats. Overall, there…

An article at Internet Storm Center published yesterday warns of malware on the HTC Magic. Panda Security came across the infection when one of their employees bought a brand new Vodafone Android device and plugged it into their Windows-based computer. Analysis of the malware revealed that it was a Mariposa bot client. In a blog post at Panda Security, researcher Pedro Bustamante said, “Here is yet another example of a company distributing malware to its userbase. Unfortunately it probably won’t be the last”. Bustamante noted that when a colleague/friend of his hooked up the Vodafone HTC Magic to her…

Uh oh, a security flaw that allows unauthorized access to a locked Motorola DROID has been discovered rather haphazardly by desperate folks who were locked out of their phone. After 20 incorrect tries at entering the proper unlock sequence, an Android handset will lock itself, requiring the user to enter their Google account information. Sounds nice and easy, except there is a bug in older Android phones – even when you enter the proper credentials, the phone remains locked. This desperate situation led people to try all sorts of procedures to access the phone and turn off or change the…

In an interesting piece at CNNMoney.com, Janice Chaffin (head of Symantec’s consumer-security software division) has speculated that the world’s largest security software maker could develop antivirus and antispyware software for Android. “Today we’re on Windows,” Chaffin said. “We’re going to evaluate things like [Android] as it goes forward.” Obviously, a few boxes have to be ticked first, however. For example, Symantec are currently only “evaluating” whether to get involved and the outcome of this decision primarily rests upon whether there is a sufficient uptake of Android on more traditional laptop/computer-style devices. Naturally, if Android were to work its way…

We’ve been hearing buzz that T-Mobile UK has released another firmware update that addresses a security hole found in the recently released Android 1.5 “Cupcake” update for the T-Mobile G1. Phandroid.com has posted a list of user reports that appear to back that up. We have no other information at this time, but this certainly would help explain why T-Mobile USA chose to delay its own Cupcake update.