The Gadget Guy reviews the latest technology for the government and explores related trends and hot topics.
Security concerns for mobile devices are always at the forefront of network administrators. With millions of different apps that can be acquired from all over the Internet, it is hard to make sure your users are using best practices to keep their devices safe from malware and other forms of attack.
The security firm Symantec earlier this month warned of a critical vulnerability in Android operating systems. This Master Key vulnerability allows an industrious attacker to inject bad code into a legitimate application, without needing to alter the app’s digital signature. The malicious code would then be able to do everything the legitimate app was given permission to do when it was originally installed. Symantec said it was only a matter of time before someone found a way to take advantage of this.
Well, that time has come. Symantec recently posted on its official blog the discovery of the first pieces of malware designed to take exploit of this vulnerability out in the wild. The code was found in two legitimate apps being sold in Android marketplaces in China to help the user make doctor appointments. Symantec says its software now detects this code under the designation Android.Skullkey.
This news is hot on the heels of the announcement of a black-market binder kit that makes it easier for attackers to insert a remote access tool into legitimate apps. So, this hasn’t been a great month for Android, securitywise. But I, for one, would rather know about these issues than live in the dark.
To combat this new threat, Symantec recommends doing what it always recommends — only download apps from reputable marketplaces, and also install and run security software to prevent intrusion. This is definitely good advice whether or not your mobile device is running Android.