Well this is quite the unsettling story. Two “security experts” (I prefer to call them hackers) have drafted up a tool that would allow the user of it to probe an Android device to intercept emails and SMS messages. The program is a “root” utility that disguises itself as a program to help easily root your phone, but will do some other extracurricular activity before it’s done (that’s if it even goes through the process of rooting at all). Know that the hackers aren’t doing this with any malintent: they want Google to get off their butts and fix the security holes before a serious incident goes down.
The tool was released to thousands of hackers at the DefCon 18 security and hacking conference going on this weekend. At first, you may not think releasing the scary tool is in yours or anyone’s best interests, but it forces Google’s hand in making sure things are set straight before too long.
This isn’t unlike the story we heard about exactly one year ago where a known SMS flaw plagued millions of handsets (housing many types of operating systems) and would allow the sender of an SMS to send something similar to a denial-of-service attack which would keep you from being able to make and receive calls, send and receive text messages, and use your phone’s data. Following the revelation of that bug at a similar conference, Google, Apple, and other software vendors found themselves pushing out updates within days to fix it. If this is anything like that, then I’m sure Google’s already hard at work to take care of that.