Skip to main content
  1. Home
  2. Mobile
  3. News

Android Security Flaw Discovered

By
Android Security Flaw Discovered

It’s a week since the first Android handset, the T-Mobile G1, hit the stores, but a trio of researchers have already discovered a security flaw in the Android mobile platform.

Charlie Miller, Mark Daniel and Jake Honoroff, who work for security testing and analysis firm Independent Security Evaluators, have disclosed that a successful hack could allow the attacker to capture all the stored information on the phone’s browser. However, until a fix has been found, they weren’t willing to give any specifics.

Recommended Videos

They did give credit to the Android for its secure ‘sandbox,’ under which any attacks would be limited by cutting off access to outside components. But at the same time they criticized Google for not using the most recent version of open-source components in development.

Related

"The vulnerability is due to the fact Google did not use the most up to date versions of all these packages," the researchers said. "In other words, this particular security vulnerability that affects the G1 phone was known and fixed in the relevant software package, but Google used an older, still vulnerable version."

Editors’ Recommendations

Digital Trends Staff
Digital Trends Staff
Digital Trends has a simple mission: to help readers easily understand how tech affects the way they live. We are your…
Samsung saved your phone from a nasty security problem
Galaxy S22 Ultra and S21 Ultra camera modules.

Mobile security company Kryptowire published a blog post detailing a security breach it identified in Android 9, 10, 11, and 12 on Samsung smartphones earlier this year. The issue it found had serious consequences should a device be affected, and the company contacted Samsung. To its credit, Samsung reacted quickly to the problem and pushed its February 2022 security update out to remedy the issue.

Kryptowire's post detailing the problem is highly technical, but it serves as a good reminder of how important continued security updates are on Android devices. While most Samsung device owners have likely already protected themselves by downloading the security update, those without auto-updates turned on should make sure to bring their device up to date as soon as possible. On your Samsung phone, go to Settings>Software Update, and select Download and Install to check for any outstanding software updates. Then go back and turn Auto Download over Wi-Fi on.

Read more
Apple’s iOS 15.3 update fixes critical Safari security bug
iPhone showing Home Screen with widgets resting on soft white cloth background.

Apple has just released iOS 15.3, and while this latest update doesn’t add any significant new features, it addresses at least one critical security flaw. Earlier this month, software engineer Martin Bajanik of FingerprintJS found a serious vulnerability in Safari 15, the browser included in iOS 15 and iPadOS 15, that could leak browsing history information and even credentials from online services that a person is using, such as Google, YouTube, Amazon, and sites using WordPress.

As Bajanik explains, many websites use an API called IndexedDB to request that browsers like Safari and Chrome store information in a local database on a person’s device. Under normal circumstances, a given website should only be able to request information about the databases that it created — any others should be invisible to it.

Read more
A flaw in MediaTek audio chips could have exposed Android users’ conversations
A MediaTek processor on a motherboard.

Security researchers have discovered a new flaw in a MediaTek chip used in over a third of the world’s smartphones that could have potentially been used to listen in on private conversations. The chip in question is an audio processing chip by MediaTek that’s found in many Android smartphones from vendors such as Xiaomi, Oppo, Realme, and Vivo. Left unpatched, researchers say, a hacker could have exploited the vulnerabilities in the chip to eavesdrop on Android users and even hide malicious code.
Check Point Research (CPR) reverse-engineered MediaTek’s audio chip, discovering an opening that could allow a malicious app to install code meant to intercept audio passing through the chip and either record it locally or upload it to an attacker’s server. 
CPR disclosed its findings to MediaTek and Xiaomi several weeks ago, and the four identified vulnerabilities have already been patched by MediaTek. Details on the first can be found in MediaTek’s October 2021 Security Bulletin, while information on the fourth will be published in December. 
“MediaTek is known to be the most popular chip for mobile devices,” Slava Makkaveev, Security Researcher at Check Point Software, said to Digital Trends in a press release. “Given its ubiquity in the world, we began to suspect that it could be used as an attack vector by potential hackers. We embarked research into the technology, which led to the discovery of a chain of vulnerabilities that potentially could be used to reach and attack the audio processor of the chip from an Android application.”
Fortunately, it looks like researchers caught the flaws before they could be exploited by malicious hackers. Makkaveev also raised concerns about the possibility of device manufacturers exploiting this flaw “to create a massive eavesdrop campaign;” however, he notes that his firm didn’t find any evidence of such misuse. 
Tiger Hsu, product security officer at MediaTek, also said that the company has no evidence that the vulnerability has been exploited but added that it worked quickly to verify the problem and make the necessary patches available to all device manufacturers who rely on MediaTek’s audio processors. 
Flaws like these are also often mitigated by security features in the Android operating system and the Google Play Store, and both Makkaveev and Hsu are reminding users to keep their devices updated to the latest available security patches and only install applications from trusted locations. 

Read more