A VULNERABILITY in Android smartphones allows hackers to record phone conversations and monitor location data.
According to scientists from North Carolina State University, this can be done on Samsung, Motorola, HTC and Google handsets because they contain code that exposes powerful capabilities to untrusted apps.
Apparently apps can bypass security defences that ask users to give their permission before an app is given access to personal information. The code is found in the interfaces and services that handset makers add to enhance Google's stock firmware.
"We believe these results demonstrate that capability leaks constitute a tangible security weakness for many Android smartphones in the market today," researchers wrote in a paper due to be presented at next year's Network and Distributed System Security Symposium. "Particularly, smartphones with more pre-loaded apps tend to be more likely to have explicit capability leaks."
The researchers found that the HTC Evo device was the worst, leaking eight functions. Right behind it was the HTC Legend with six leaks. Google's Nexus One and Nexus S each contained one leak.
Android's security credentials have been under the spotlight lately. Yesterday, F-Secure's Mikko Hypponen said the Android operating system could be "the [Windows] XP of the future" in terms of security weaknesses.
Hypponen told The INQUIRER that Android's security weakness will increase due to its position as the most popular operating system (OS) for mobile phones.
According to Hypponen, Android is "more open to different risks" because it is itself such an open OS. He said, "If you look at the growth of Android it's growing enormously and this reminds me of where we've been over the last 10 years."
"Windows XP is the weakest computer OS because it's the biggest - it's going to be the easiest to attack. I'm afraid Android will be the Windows XP of the future so it's likely to repeat."
However, with no disrespect to Mikko Hypponen, The INQUIRER must still observe that Microsoft's Windows XP is vulnerable primarily because it is fundamentally insecure by design, and that Google has an opportunity to avoid this in its Android operating system. µ