Researchers Discover New Smartphone Flaws
Security researchers have revealed two threats this week they say could put smartphones at risk of password theft or stolen data.
The first vulnerability was discovered by Mathew Solnik, a mobile researcher with cyber security firm Accuvant. It
involves flaws in the way scores of manufacturers of Apple, Google Android and Blackberry devices have implemented an obscure industry standard that controls how everything from network connections to user identities are managed.
The threat could enable attackers to remotely wipe devices, install malicious software, access data and run applications on smartphones, Solnik said.
However, the threat remains remote to average users and that only mobile communications experts could be able to replicate the technique, Solnik added.
The second threat is affecting devices running older Android software. Unveiled by researchers at Bluebox Security, "Fake ID" allows malicious applications to trick software from Adobe, Google and others on Android devices without any user notification.
The "Fake ID" vulnerability is widespread in Android phones dating back to the January 2010 release of Android 2.1 software and affects all devices not patched by Google.
"Essentially anything that relies on verified signature chains of an Android application is undermined by this vulnerability," Bluebox said in a statement referring to devices built before Google updated its core software late last year.