Smartphone management flaws puts users at risk, researchers say

Thu Jul 31, 2014 10:31am EDT
 
Email This Article |
Share This Article
  • Facebook
  • LinkedIn
  • Twitter
| Print This Article | Single Page
[-] Text [+]

* Up to 90 pct of smartphones share flaws

* Google Android devices face issues involving spoofed IDs

* No evidence consumers have been harmed to date

By Eric Auchard

VIENNA, July 31 (Reuters) - Security researchers have revealed two separate threats this week they say could put up to 90 percent of the world's 2 billion plus smartphones at risk of password theft, stolen data and in some cases let hackers take full control of devices.

One vulnerability involves flaws in the way scores of manufacturers of Apple, Google Android and Blackberry devices, among others, have implemented an obscure industry standard that controls how everything from network connections to user identities are managed.

The threat could enable attackers to remotely wipe devices, install malicious software, access data and run applications on smartphones, Mathew Solnik, a mobile researcher with Denver-based cyber security firm Accuvant, said in a phone interview.

A separate threat specifically affecting up to three-quarters of devices running older Android software has been unearthed by researchers at Bluebox Security of San Francisco.

Dubbed "Fake ID", the vulnerability allows malicious applications to trick trusted software from Adobe, Google and others on Android devices without any user notification, the company said on Wednesday.   Continued...