Android Mobile Security


Pentagon Decision Moves Android Security Forward

The Pentagon’s decision to endorse a hardened version of Android for use inside the DoD is a smart move forward, experts said. A wholesale blessing of the Android platform isn’t possible given the various flavors of the OS. Meanwhile, attackers continue to probe deeper at kernel and OS flaws.

Android Smishing Vulnerability Found in Android Open Source Project Firmware

A vulnerability discovered in the Android Open Source Project enables malicious applications to send SMS messages without user permission across all recent Android platforms.While no exploits are active in the wild, one could be built that could be at the center of various SMS phishing, or smishing, attacks, said Xuxian Jiang, associate professor in the North Carolina State University computer science department.


It might sound like a security researcher’s worst nightmare to string together 300,000 virtual instances of the Android OS, but for scientists at Sandia National Laboratories, it’s just another day.The Department of Energy-sponsored national security-focused laboratory released the MegaDroid project on Tuesday, a cluster of 300,000 networked virtual machines running Android on commodity hardware. The project gives scientist a massively scaled platform to test anything that could cause a network disruption, including malware or an attack on critical infrastructure.

Officials at mobile handset maker HTC said they are working on a patch to fix a problem with many of its Android devices that enables any app with Internet permissions to access a large cache of user and device data that a proprietary tool called HTCLoggers collects. The company said on Monday that it was looking into the claims.

Days after publishing a report on serious security lapses in the PayPal mobile payments application for the iPhone, a Chicago firm has released an analysis that finds similar problems in a mobile banking applications by Bank of America and Wells Fargo.

eBay’s PayPal online payment division is rushing a software patch to users of its iPhone mobile payments application to plug a hole that leaves users vulnerable to man-in-the-middle and phishing attacks, but the firm that found that hole said transaction security is just one problem facing the mobile payments application.

Researchers have developed a kernel-level Android rootkit in the form of a loadable
kernel module and will demonstrate the proof of concept exploit at the upcoming DefCon conference. Read the demo statement. [DefCon.org]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.