I remember when I attended the RSA security conference in 2011 — a lot of security experts warned of the potential dangers looming in the Android platform. Sure enough, in the past 18 months, Android has been the target of countless attacks, mostly via malicious apps.
So it doesn’t come as a big surprise that at this year’s Black Hat security conference, the warning wasn’t so much of the potential dangers looming for Android, but the potential dangers that are here right now. And in this case, it is hackers who are the primary threat. According to TechnoBloom:
While the hackers appreciated Google’s effort to plug security issues with Android, they also reminded that developers of malicious software too are making progress by coming up with newer ways to breach Android’s security barriers.
The hackers are using near-field-communication (NFC) connections to access Android-run devices. Android users use the NFC technology to make financial transactions and share photos, for example, by bringing one device close to another device that has the same technology. I’ve noticed that this is becoming a popular way of paying for purchases in situations where having a cash register and traditional credit card reader isn't feasible. I know writers who have sold copies of their books this way.
But at Black Hat, a serial phone hacker named Charlie Miller said that he has come up with a hack that would take over a person’s phone. As PC Pro explained:
Miller said he had created a device the size of a postage stamp that could be stuck in an inconspicuous place, such as near a cash register at a restaurant. When an Android handset is close enough, he could gain access to the system. Miller also showed off Bluetooth hacks to access data stored on handsets.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
The conference also included other ways that the bad guys can attack the Android platform, including a malicious code that uses a flaw in Google Chrome.
Obviously, this news isn’t going to make anyone stop using their Android devices (I was using my Android phone while writing up this blog post, so I’m certainly not scared off). But it should give businesses a pause on how they and their employees use their Android phones and tablets. Is NFC an option you want employees to be using to exchange data and make payments?
Nicholas Percoco, senior vice president of Trustwave's SpiderLabs, referred to Android as modern technology’s version of the Wild West. Good analogy. Back in those days, you didn’t go into the West unprepared for an attack. The same mentality should be used when using Android.