A SECURITY FLAW in Google's Android mobile operating system (OS) could be exploited by hackers looking to brick smartphones and tablets, security researchers have uncovered.
The security hole was found by independent researcher Ibrahim Balic, who revealed his Android bricking discovery in a blog post earlier this month. However, Taiwanese security company Trend Micro has since confirmed that Balic's discovery of the memory corruption bug is authentic and that the flaw is exploitable.
"We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets, which include bricking a device, or rendering it unusable in any way," Trend Micro mobile threat analyst Veo Zhang wrote in a blog post. "In this context, the device is bricked as it is trapped in an endless reboot."
According to Trend Micro, the vulnerability means hackers could build a Trojanised application to target devices running Android versions 4.0 and above, which, if the latest figures at the Android Developer forum are anything to go by, could affect up to 80 percent of all active Google smartphones and tablets.
Trend Micro senior threat researcher David Sancho said the company has yet to see evidence that hackers are actively exploiting the flaw, but warned that the early exposure by Balic could encourage criminals to begin using it.
"Trend Micro has not seen evidence of exploitation at this moment [but] as with every new vulnerability, this is no guarantee about the future. In fact, describing a new vulnerability might cause new attempts of exploitation."
Earlier this month, another security researcher and CTO of startup company Doublethink, Bas Bosschert, discovered a flaw in the Android OS, claiming that it allowed cybercriminals to steal conversations from users of mobile messaging service WhatsApp.
Bosschert detailed the flaw in a blog post in which he demonstrated the method for accessing WhatsApp chats. He confirmed that the vulnerability still existed even after Google had updated the WhatsApp app the previous week.
Bosschert said the exploit is possible due to the WhatsApp database on Android being saved on the SD card, which can be read by any Android application if the user allows it to access the card.
Bosschert noted that this is an issue in the Android infrastructure, specifically a problem with Android's data sandboxing system, as opposed to a security flaw in WhatsApp.
WhatsApp disputed such claims, calling them "overstated".