Last night, we told you guys about a security hole in Android that was to be revealed at a security conference called Black Hat 2012. Well today, corporate and government security technology experts from all over gathered in Las Vegas, Nevada to learn more about all the new ways their networks are currently vulnerable to hackers, cyber criminals and would-be terrorists from around the world.
During a session dubbed “Adventures in Bouncerland,” Trustwave’s SpiderLabs demonstrated a security hole in “Bouncer” (Google’s security software for keeping out and quickly removing malicious apps from the Play Store) that can evade detection from Google Bouncer, and works on virtually all devices currently on the market. This makes downloading malicious apps disguised as legitimate applications in the Play Store a very real possibility. And that’s not all.
A researcher from a company called Accuvant showed off their method for delivering malicious code to Android devices via the much touted NFC (near field communications) chip found in some of the hottest Android devices currently on the market. Researcher Charlie Miller — who spent 5 years with the US National Security Agency — found a way to create a small, postage stamp sized device that could be placed just about anywhere (a cash register or vending machine) and can infect an unsuspecting person’s NFC enabled device without them ever know what happened. Scary stuff.
Freaked out yet? Well, there’s more. Miller and another researcher from a company called CrowdStrike found an exploit in the stock Android browser, unveiled back in February and publicly acknowledged by the Google Chrome development team and patched up in the latest versions of Chrome for Android. But therein lays the problem. With only around 10% of devices currently running Ice Cream Sandwich, and even less running Jelly Bean (where Google has officially made Chrome the stock Android browser), that means the majority of Android users are vulnerable to attack.
I guess that means users have even more ammunition for urging OEM’s and carriers to update their devices to the lstest version of Android. It’s no longer about all the cool new features and pizazz, now it’s simply a matter of security. When it came to Apple’s devices, researchers pointed out how quickly Apple is able to get carriers to push out new security updates. But as it stands for many security experts at the Black Hat 2012 conference, Android is still “the Wild West.”