printer friendly version

Android risks climbing

Users of mobile phones are still being put at considerable security risk because manufacturers of Android devices are not doing enough to safeguard users’ security worldwide.

“Android mobiles are being compromised daily exposing users to a real security risk,” said Ian Shaw, MD of MWR InfoSecurity, a UK IT security consultancy that has consistently warned users to beware and manufacturers that they are just not doing enough.

Shaw added: “Manufacturers of Android mobile phones will once again be launching their latest models and as before, we will be warning users and manufacturers at the Mobile World Congress in Barcelona that not enough is being done to safeguard user information. The increasing lack of security controls on the phones are exposing users to fraud and other criminal activity.

“Manufacturers must spend more time looking to see how they can safeguard users. Many seem to forget that they have a duty of care. The problem is that many users just do not realise how vulnerable they actually are. Criminals can steal personal details like bank passwords and other personal information.

Since 2012 MWR has been highlighting security weaknesses that have been introduced into smartphones by their manufacturers. These issues expose their users’ private information and leave them susceptible when using sensitive online apps such as mobile banking.

Experts from MWR first illustrated this issue demonstrating how a Palm Web OS and Android smartphones could be used as a bugging device. Last year it demonstrated how a Windows Phone running HTC and Samsung could also be compromised exposing user’s data.

They will again demonstrate further issues in a presentation at the Blackhat European Security conference in Amsterdam in March; using ‘Mecury’, a tool developed at MWR’s South African office, to identify weaknesses in Android Apps.

MWR InfoSecurity has identified more than 10 vulnerabilities specific to Samsung smartphones and tablets and reported these to Samsung in Korea. While this is concerning, Samsung has responded to the security vulnerabilities that MWR have identified and are currently in contact with the research team in South Africa to resolve these.

Increasingly though, companies are looking to allow access to sensitive corporate information on personal smartphones. This is done in response to requests from employees to use their equipment which is often newer and more powerful than company issued equipment.

Shaw added: “Companies are also looking to save money by what is effectively outsourcing responsibility for IT equipment to the employee, otherwise known as Bring Your Own Device (BYOD). If the security of the smartphones cannot be guaranteed, then neither can the corporate data they will be accessing.

“BYOD is an enabling policy allowing for greater remote working and as such higher productivity and innovation. However, many of these enterprises are likely to shun models that do not offer at least basic security assurance, so manufacturers need to get their act together or they will be left behind.”

With the first smartphone botnets now being detected and organised crime focusing on smartphones as a lucrative area the requirement for better levels of security assurance is clearly there.

For further Information contact Harry Grobbelaar, MWR InfoSecurity, + 27 (0)71 1368 733, [email protected]

Share this article:

Further reading: