Multiple Android security holes exposed at hacking conference


Recently, around 6,500 corporate and government security technology experts and researchers from all over the world gathered at the Black Hat 2012 conference in Las Vegas. In one of the many sessions at the conference, researchers revealed a security hole in “Bouncer”, Google’s own Android security software (used to remove and keep malicious applications out of the Play Store), that could allow developers to evade it. As an example, the researchers who revealed the hole used a malicious app to take control of a phone, forcing it to download code from a third-party source to take further control of the infected phone, potentially accessing the device’s root filesystem.

Furthermore, researcher Charlie Miller from Accuvant revealed a method that allowed malicious code to be delivered through the NFC (Near-Field Communications) chip found in many Android phones today. A device the size of a postage stamp could be placed on a cash register, infecting any NFC-capable phone detected nearby without its owner even knowing. Applications that depend solely on the NFC protocol, like Google Wallet on Nexus-branded phones in the US, could potentially be exploited using this hole to send credit card information to the hacker.


An image of Charlie Miller from Black Hat 2012 demonstrating how easily an “NFC sticker” can be used to send malicious code to the victim’s NFC-enabled device.

“I can take over your phone,” Miller said. He is said to have sent this research to Google and Nokia; both have acknowledged receiving the information, but neither has discussed it with him personally. Nicholas Percoco, senior vice president of Trustwave’s SpiderLabs, has said, “Hopefully Google can solve the problem quickly. For now, Android is the Wild West.”

Image credit: BGR, CNET.

Source: Reuters
