Web: ‘Heartbleed for Mobile': Researcher Finds Massive Security Flaw in Android

July 2015 by: From The Web

Openness is Android’s greatest strength — a flexibility that has enabled it to spread to now power four of every five smartphones on the planet.


But openness can be, at times, its greatest weakness. This frailty was demonstrated on Monday when Joshua Drake, a researcher with security firm Zimperium, revealed a hole in Android’s source code that hackers can exploit with profound ease: If they have a phone’s number, all they do is send a text. The bug, dubbed “Stagefright,” houses the “the worst Android vulnerabilities discovered to date,” the company wrote.


It’s a particularly malicious hack because it can compromise the device quietly, unbeknownst to its owner. And for Google, fixing it largely falls outside its control.


...


Continue Reading: Re/Code


Our Take Many have pointed out that Android's openness and sandbox architecture will be its downfall as heterogeneous versions of the software deployed by the various manufactures makes it harder for Google to create and implement uniform security fixes. However this openness that has led to Android being installed on over 950M devices may prove to be the operating system's saviour. After all this is 950M eyes and hands available to identify potential security flaws and fix them. While Apple's iOS has many users who are able to identify potential loopholes that can be exploited by criminals, at the end of the day all Apple devices rely on Cupertino to deliver a fix. 


This is of course just another point of contention between Android and iOS fans and which can be debated till the cows come home. The fact remains that cyber criminals are getting smarter and larger in number every day and operating systems have to work exponentially harder to stay secure.