According to recent research on the Android platform, which has exposed a fundamental security risk, the phones running the OS run a risk of having all their data wiped out. The flaw was noticed a while ago but the implications weren’t signified till now. The trigger to this would be if a website containing malicious code is accessed from the browsers on devices made by Samsung, HTC, Motorola and Sony Ericsson and the virus like segment has the potential to render the phones useless. The glitch was exposed by research blogger Ravi Borgaonkar who also mentioned another worm that targets only the Galaxy SIII from Samsung by triggering a factory reset on the phone.
Borgaonkar reported the issue to Google back in June this year and the company introduced a fix to it then itself but because of lack of awareness among users, most people still remain vulnerable to the threat. Google however declined to make any statement about the issue. Right now, the Android platform is the most popular smartphone OS around the world making up for nearly half the market. So far, nearly 200 million Android devices were sold in 2012.
The threat from malicious codes was strong against several versions of Android, right from Gingerbread to Jellybean including the tablet exclusive Honeycomb version and the currently popular Ice Cream Sandwich. Borgaonkar however said that the extent of the threat to Honeycomb needs to be tested further. The threat to the Galaxy SIII seems to have caught Samsung’s attention which said that only the initial devices that were released suffered from it and that an update has been rolled out which would prevent any further attacks. Samsung is now advising all customers to check for updates to their phone and go for them to avoid any security glitches in the future.
The bug was developed because of the Android platform’s capability to dial a number directly from a website. If the number is coded to activate a factory reset or the like, the phone is in trouble. In addition, the vulnerability is extended to the SIM which can be virtually destroyed by the code at which point, the subscriber will have to get a new one from the service provider. Though the threat is dangerous, it has no real benefit to people looking to exploit it as there is no possibility of a financial gain that comes out of it.
