Flawed Android Devices Open To Malware Threat
In these times when everyone is connected to everyone else 24/7, mobility is an ever more crucial facility. The ability to work from home or whilst out on the road can make a major contribution to a company’s revenue stream and bottom line but unfortunately security is rapidly becoming an issue. Those users who do not have enterprise mobility management policies in place could well be at risk from a recently discovered and alarmingly severe threat.
Researchers at the Universities of California and Michigan have found a flaw in Android devices that effectively allows applications to be hacked. It’s believed that this flaw can even be used in attacks on iOS and Windows Mobile applications. Their paper was presented recently at the USENIX Security Symposium where it caused considerable discussion and concern.
According to researchers, intrusion requires a malicious application to run in the device’s background. The app is virtually unidentifiable to the average user as it uses very little battery energy and only requires a handful of permissions. The window manager, a graphic interface framework housed in the shared memory area of a tablet or smartphone, is used by the malicious mobile program. The app could theoretically interfere with around 92 per cent of devices targeted and was particularly effective in disrupting Gmail. Hackers could use the malicious app to view a replica of the user interface in addition to obtaining image files through the device’s camera.
Fortunately, mobile application manage software is able to mitigate the effects of such malicious apps (and there is more than one) by sandboxing applications and avoiding memory sharing between them. According to Sanjay Poonen, manager of end-user computing at VMware, IT departments that do not quickly adapt to our increasingly mobile influenced world are at increased risk of serious attacks, and ultimately extinction.
The research raised serious concerns about the newly introduced bring-your-own-device policy now operating across many businesses. If companies do not use MAM software, their systems could be at risk from a malicious application which could in effect be customised to attack one specific operating system. Those enterprises that do install MAM software suites on each and every user’s own device will stay immune from attack. MAM software suites are specifically built for each separate operating system and combat hacking using malicious programs by restricting memory sharing.
Mobility is obviously the way forward for modern business, but it’s crucial that companies are aware of serious threats to data security and put systems in place to combat it. There will always be hackers and mischief-makers out there; it’s just a case of keeping one step ahead and making their lives as difficult as possible.