Information Security Researchers Reveal Vulnerability in Android 2.3

Albuquerque, NM (prHWY.com) February 1, 2011 - Several security research reports have cautioned users against increased attacks on mobile phones and applications during this year. Recently, security researchers at North Carolina State University (NCSU) discovered a vulnerability in Android 2.3 (Gingerbread). The identified vulnerability in the latest version of the mobile operating system allows attackers to gain unauthorized access to files and documents on the microSD card (storage card) in the mobile phone. The vulnerability was identified by a team of information security professionals led by Xuxian Jiang, an assistant professor in the University's computer science department.

The recently released Gingerbread version comes with improved features over the earlier version, Froyo. The new version comes with features such as an improved on-screen keyboard and a better user interface. Gingerbread is a minor version and may be replaced with Android 3.0 (Honeycomb) during the course of this year.

Usually, software developers use ethical hacking to ascertain security flaws. In this case, researchers identified the vulnerability by testing a Nexus S device installed with Gingerbread. The researchers launched attacks on the operating system through proof-of-concept exploit code. Fortunately, the purpose of the exploit was to alert developers to the security flaw in the operating system. Attackers may exploit the vulnerability by luring users into clicking a fake and malicious link. When unsuspecting users click on the link, the malicious code is executed on their phones. By exploiting the vulnerability, attackers may acquire a list of the applications installed on the mobile device. The executed malicious code may allow attackers to open, view and upload files, photos, voicemails and applications stored in the microSD card partitions to a remote server. Therefore, the attack poses an information security risk for users of the Nexus S. The extracted information may be misused by the attackers to commit identity theft, fraud, blackmail and other forms of cybercrime.

Google, the vendor of the product, has not yet issued any patch for the vulnerability. Earlier patches were issued for similar vulnerabilities in the previous versions of Android. The current vulnerability may be fixed in the newer versions or during the release of the next major version, Honeycomb. Security professionals have advised users of the Nexus S to disable JavaScript or install a different web browser such as Firefox to safeguard sensitive personal information.

EC-Council provides industry training and certification for information security professionals in ethical hacking, among many other specializations. "Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation," said EC-Council's Senior Director, Steven Graham. EC-Council, through its Certified Ethical Hacker program, has trained such information security professionals from all over the world.

ABOUT EC-COUNCIL

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies, including the U.S. federal government via the Montgomery GI Bill, the Department of Defense via DoD 8570.01-M, the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

Press Contact

Steve Graham
6330 Riverside Plaza Ln NW
Suite 210
Albuquerque, NM 87120
Steve.graham@eccouncil.org
505.341.3228

###
