Once again, the security surrounding Google's products is being discussed.
On a personal level, I'm always a bit concerned whenever I see any article that combines the phrases "Android" and "Security Threat." I'm one of those people PC World said helped Android climb "to the top of the mobile OS mountain," and I'd really like to be sure that my Android smartphone is secure.
PC World attributes Android's success to it being an open platform, but that openness also makes Android more susceptible to risks. And one of those risks right now is the Android Class Loading hijacking, which was discovered by Symantec. The PC World article said:
A Symantec spokesperson explains that the Android Class Loading Hijacking threat resembles a Windows DLL hijacking attack. "It relies on the fact that Android provides APIs that allow an app to dynamically load code to be executed. For example, an application may support plug-ins that are downloaded and then loaded at a later time. Unfortunately, if these plug-ins are stored in an insecure location, this process can be hijacked."
This isn't a problem within the Android OS itself, but with the way some of the Android apps are coded.
Matt Johansen, a researcher with WhiteHat Security, said he identified a flaw in a Chrome OS note-taking application that he exploited to take control of a Google email account. He reported it to Google, which fixed the problem and gave him a $1,000 reward for pointing it out.
Johansen said he has since discovered other applications with the same security flaw. "This is just the tip of the iceberg," he told Reuters. "This is just evolving around us. We can see this becoming a whole new field of malware."
According to the article, Johansen plans to reveal more about the security bugs at the upcoming Black Hat conference in August.