Johannesburg, 28 Mar 2012
Android devices and applications have a number of potential vulnerabilities just waiting to be exploited. This is according to MWR InfoSecurity information security consultant Tyrone Erasmus.
As the Android mobile operating system enjoys growing uptake across the world, Erasmus says vulnerabilities in the devices themselves and the applications designed for Android pose a growing threat to users` security.
"As an operating system, Android is well-designed and inherently secure," he says. "Unfortunately, the devices themselves contain vulnerabilities. So too do the apps for Android. I have found certain vulnerabilities in applications across the board - from small developers, to big, reputable companies; from business apps, to entertainment apps."
Erasmus, who will demonstrate the vulnerabilities at the upcoming ITWeb Security Summit, says there is little the user can do to prevent these vulnerabilities from being exploited. "The average user can`t tell if an app is risky," he says. "But the more apps you have on your device, the greater your risk.
"It may only ask few or no permissions, but may still be able to access the user`s most sensitive data regardless."
In a worst-case scenario, this could mean unauthorised entities accessing all a user`s contact details, passwords, company information and even their locations.
The problem, says Erasmus, is that Android is so new and different from other operating systems that older security measures cannot be applied to it.
"There`s a huge call for Android-specific vulnerability assessment tools to come to market, and for developers and manufacturers to focus specifically on Android security now," says Erasmus. He feels that while there have been few clever exploits against these vulnerabilities, at this stage, it is only a matter of time before these vulnerabilities are exploited by malware.
During his presentation at the Security Summit, Erasmus will demonstrate Mercury, a tool he has developed to find Android vulnerabilities.
The annual ITWeb Security Summit will take place from 15 to 17 May 2012 at the Sandton Convention Centre. For more information and to book your seat, go to www.securitysummit.co.za.
Share