WASHINGTON (AP) — Cellphones using Google's Android operating system are at risk of being disabled or wiped clean of their data, including contacts, music and photos, because of a security flaw that was discovered several months ago but went unnoticed until now.
Opening a link to a website or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC, Motorola and Sony Ericsson, rendering the devices useless, computer security researcher Ravi Borgaonkar wrote in a blog post Friday. Another code that can erase a user's data by performing a factory reset of the device appears to target only the newly released and top selling Galaxy S III and other Samsung phones, he wrote.
Borgaonkar informed Google of the vulnerability in June, he said. A fix was issued quickly, he said, but it wasn't publicized, leaving smartphone owners largely unaware that the problem existed and how they could fix it.
Google declined to comment. Android debuted in 2008 and now dominates the smartphone market. Nearly 198 million smartphones using Android were sold in the first six months of 2012, according to the research firm IDC. About 243 million Android-equipped phones were sold in 2011, IDC said.
Versions of Android that are vulnerable include Gingerbread, Ice Cream Sandwich and Jelly Bean, according to Borgaonkar. He said the Honeycomb version of Android, designed for tablets, needs to be tested to determine if it is at risk as well.
Samsung, which makes most of the Android phones, said only early production models of the Galaxy S III were affected and a software update has been issued for that model. The company said it is conducting an internal review to determine if other devices are affected and what, if any, action is needed. Samsung said it is advising customers to check for software updates through the "Settings: About device: Software update" menu available on Samsung phones.
Borgaonkar, a researcher at Germany's Technical University Berlin, said the bug works by taking advantage of functions in phones that allow them to dial a telephone number directly from a web browser. That convenience comes with risk, however. A hacker, or anyone with ill intent, can create a website or an app with codes that instruct the phones linking to those numbers to execute commands automatically, such as a full factory reset.
The phone's memory card, known as a subscriber identity module, or SIM, can be destroyed remotely in the same way, Borgaonkar said. "Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click," he wrote. "After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card."
While Borgaonkar has drawn attention to the problem, it's unclear how useful the vulnerability would be to cybercriminals who are primarily interested in profits or gaining a competitive advantage, said Jimmy Shah, a mobile security researcher at McAfee. "There's no benefit to the attacker if they can't make money off it or they can't steal your data," Shah said. "It's really not that useful."
But the technique could cause huge headaches if it were harnessed to issue outbound phone calls, said Mikko Hypponen, chief research officer at F-Secure, a digital security company in Helsinki, Finland. "If that would be doable, we would quickly see real world attacks causing phones to automatically dial out to premium-rate numbers," he said.
Don't Wait To Charge
Charge your phone frequently. Recharging when the phone is almost dead too often will make the battery do more work and lower its life expectancy. Charge when your phone is 40 percent full, not 10 percent.
Don't Vibrate
It takes more energy for the phone to vibrate than to ring.
Disable Location Services
Apps that use location are constantly communicating with cell towers to pinpoint where you are. While they're doing it, your battery is dying. Turn them off in settings when you need to get that last bit of life.
Dim The Screen
Dim the brightness of your screens to give battery life a boost. Lowering the default brightness will ensure that the phone uses less charge over time.
Lock Your Screen
Locking the screen on your phone not only keeps strangers from snooping, but will also keep the phone from turning on--and using power--if it accidentally brushes up against things.
Get Accessories
While some people already tote around chargers in the dire case that their phone might die, an easier way to prepare is to outfit your phone with a "battery extender case" that packs a spare battery within its skin. When your phone's battery runs out, it will draw power from the case battery.
Get A New Battery
After two years, there's a good chance your battery is running on its last legs. At this point, it might be better to replace it in order to get the full battery life you once had.
Put The Phone In Airplane Mode
Even when you're not up in the air, putting your phone in Airplane Mode will keep the battery from dying, as it prevents the phone from receiving and sending signals. Of course, when it's in Airplane Mode you won't be able to call, text, or get online, so this may be a last resort.
Keep Your Battery Cool
Turn Off Push Notifications
The function that allows your phone to automatically download new email, and notifications from third-party apps, also makes your battery run out faster. If your phone's almost dead, go to settings to turn off this feature.
Opening a link to a website or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC, Motorola and Sony Ericsson, rendering the devices useless, computer security researcher Ravi Borgaonkar wrote in a blog post Friday. Another code that can erase a user's data by performing a factory reset of the device appears to target only the newly released and top selling Galaxy S III and other Samsung phones, he wrote.
Borgaonkar informed Google of the vulnerability in June, he said. A fix was issued quickly, he said, but it wasn't publicized, leaving smartphone owners largely unaware that the problem existed and how they could fix it.
Google declined to comment. Android debuted in 2008 and now dominates the smartphone market. Nearly 198 million smartphones using Android were sold in the first six months of 2012, according to the research firm IDC. About 243 million Android-equipped phones were sold in 2011, IDC said.
Versions of Android that are vulnerable include Gingerbread, Ice Cream Sandwich and Jelly Bean, according to Borgaonkar. He said the Honeycomb version of Android, designed for tablets, needs to be tested to determine if it is at risk as well.
Samsung, which makes most of the Android phones, said only early production models of the Galaxy S III were affected and a software update has been issued for that model. The company said it is conducting an internal review to determine if other devices are affected and what, if any, action is needed. Samsung said it is advising customers to check for software updates through the "Settings: About device: Software update" menu available on Samsung phones.
Borgaonkar, a researcher at Germany's Technical University Berlin, said the bug works by taking advantage of functions in phones that allow them to dial a telephone number directly from a web browser. That convenience comes with risk, however. A hacker, or anyone with ill intent, can create a website or an app with codes that instruct the phones linking to those numbers to execute commands automatically, such as a full factory reset.
The phone's memory card, known as a subscriber identity module, or SIM, can be destroyed remotely in the same way, Borgaonkar said. "Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click," he wrote. "After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card."
While Borgaonkar has drawn attention to the problem, it's unclear how useful the vulnerability would be to cybercriminals who are primarily interested in profits or gaining a competitive advantage, said Jimmy Shah, a mobile security researcher at McAfee. "There's no benefit to the attacker if they can't make money off it or they can't steal your data," Shah said. "It's really not that useful."
But the technique could cause huge headaches if it were harnessed to issue outbound phone calls, said Mikko Hypponen, chief research officer at F-Secure, a digital security company in Helsinki, Finland. "If that would be doable, we would quickly see real world attacks causing phones to automatically dial out to premium-rate numbers," he said.
Phone Tips:
Charge your phone frequently. Recharging when the phone is almost dead too often will make the battery do more work and lower its life expectancy. Charge when your phone is 40 percent full, not 10 percent.
It takes more energy for the phone to vibrate than to ring.
Apps that use location are constantly communicating with cell towers to pinpoint where you are. While they're doing it, your battery is dying. Turn them off in settings when you need to get that last bit of life.
Dim the brightness of your screens to give battery life a boost. Lowering the default brightness will ensure that the phone uses less charge over time.
Locking the screen on your phone not only keeps strangers from snooping, but will also keep the phone from turning on--and using power--if it accidentally brushes up against things.
While some people already tote around chargers in the dire case that their phone might die, an easier way to prepare is to outfit your phone with a "battery extender case" that packs a spare battery within its skin. When your phone's battery runs out, it will draw power from the case battery.
After two years, there's a good chance your battery is running on its last legs. At this point, it might be better to replace it in order to get the full battery life you once had.
Even when you're not up in the air, putting your phone in Airplane Mode will keep the battery from dying, as it prevents the phone from receiving and sending signals. Of course, when it's in Airplane Mode you won't be able to call, text, or get online, so this may be a last resort.
Overheating can damage your phone's battery cells and make it die faster after a charge. Keep your phone out of the sun and other hot places. A phone that gets too hot while in use could be experiencing some kind of charge malfunction and should be checked out. (HTC phones special the HD2)
The function that allows your phone to automatically download new email, and notifications from third-party apps, also makes your battery run out faster. If your phone's almost dead, go to settings to turn off this feature.
Charge On The Go and Get Off The Grid
With solar cell technology still developing and portable battery units that can keep you charged where ever you are, why not look into it? With companies like Solio that offers devices like the clip mini which can hold a charge for a whole year and can be carried around with you on the go why not look into it. There is also the Bell+Howell Solar Charger, which is a cheaper but more affordable version of the Solio device.
Also, if you are interested in seeing what you would need to get solar cells for your home click on the link.
Get Virus Protection For Your Phones Too
You have virus Protection for you home computer, but not your smart phone? Then you could be in for a big surprise. Most smartphones today are some of the most advanced computers you could ever own. Why would you not want to keep your device safe? With apps like Bull Guard, Lookout, and McAfee Mobile leading the way before this was an issue, I think you should now look into it cause the threats are real. Plus all allow wipe features if your phone is stolen.
Despite the customer support issues, I have been very happy with the app by Lookout, for my Samsung Galaxy S2. It checks everything! If you have a review about anything posted here please leave one.
Check the good deals on Cell Phones and other tech
at PCI computers, just click the pic!
Get Virus Protection For Your Phones Too
You have virus Protection for you home computer, but not your smart phone? Then you could be in for a big surprise. Most smartphones today are some of the most advanced computers you could ever own. Why would you not want to keep your device safe? With apps like Bull Guard, Lookout, and McAfee Mobile leading the way before this was an issue, I think you should now look into it cause the threats are real. Plus all allow wipe features if your phone is stolen.
Despite the customer support issues, I have been very happy with the app by Lookout, for my Samsung Galaxy S2. It checks everything! If you have a review about anything posted here please leave one.
Check the good deals on Cell Phones and other tech
at PCI computers, just click the pic!
No comments:
Post a Comment