The security of devices used in the office should be a top priority for business owners and managers. It is easy to think that a fully functioning device like a mobile phone is secure, and most of the time it is. The thing to be aware of however, is that there are always hackers looking for security flaws in these products. The latest flaw highlighted happens to be on the Android system.
In early July, mobile security company Bluebox announced that they had discovered a large security flaw in the Android system. The threat centers around a trojan application that can gain access to application data including email addresses, SMS messages, etc, and can get service and account passwords. In other words, it can take over your whole phone.
The way this so-called trojan infects mobile devices is through an app. Hackers have figured out how to tinker with the application’s code, and implement the malware without changing the cryptographic features that are used by Google Play and other online stores to validate and identify apps.
What this means is that the changed app looks legitimate to Google, developers, our phones and us, but it really has malicious code embedded in it, code that could give a hacker full access to your phone. The good news about this is that it can be easily fixed with an update. The bad news about this is that it is up to device manufacturers to actually release the fix. This is because most Android device manufacturers basically own their own version of Android and need to push the update to owners – Google can’t do this. Beyond that, it is up to the device owner to actually update their phone when the fix is released.
If this sounds a little worrying, it should be, especially since this affects every device except for the recently released Samsung S4 Touchwiz. There are things you can do however to minimize the chances of your device being infected by this bug.
If you are careful about what apps you install and take steps to ensure that you only install apps from the Play store, your device should be relatively safe. Google has announced that they have patched their cryptographic features on Google Play, so any new apps going onto Play should be safe from this particular exploit. There is a good chance that they will also correct this issue in a future update to the Android OS (likely 4.3), but older devices may be left out of the loop. So, as we have already told you a few times: Don’t install apps from outside of Google Play, and be sure to follow the tips we talked about above.
Should you require more information about Android in the workplace, please contact us today.