Android Woes: Images As Security Loophole?
It seems like Android just can’t cut a break. After its disastrous performance year in and year out when it comes to malware, it now has an entirely new and unique threat to deal with. A security flaw within the Android architecture now means that hackers can create malware that can manipulate its way into a user’s device by pretending it is an image.
How Does This Even Happen
We have never really heard of or seen an image based malware code up till now. And it hasn’t surprised many people that hackers are targeting Android first, it is the easiest target after all. What cyber criminals do in this case is take a piece of graphic or a photo and wrap it up with malware. Android security and the Google Bouncer Scanner only see the image and it pass through, and then it does all the damage that it is meant to do. The scanners, it would appear, were not capable of telling that there is a malicious code attached to the image that is being sent forth.
What happens is that the malicious code looks like a simple JPG or PNG file which is using a typical custom encryption package. That is why the system was being fooled by it. The flaw was first found by Axelle Apvrille and Ange Albertini on the Black Hat hacking news website.
They first spoke about the problem long before Google thought to address it. “Such an attack is highly likely to go unnoticed, because the wrapping Android package hardly has anything suspicious about it, and nothing about the payload leaks as it is encrypted. Additionally, the attack works with any payload and currently on any version of Android,” they said.
Where’s the Patch
There is good news, of course. Google played it smart by keeping any news about the flaw hidden till they had developed a cure for the disease. It seems that they now have a patch that can be fitted into the software through an update and help keep users safe. However, this is not all good news because users who do not frequently update their OS will be left at risk still.
Google kept the security flaw quiet until it had provided a patch for its software, but users who rarely update their phone’s operating system are likely to be still at risk. Then there are also users who might not be able to get their hands on the patch because news about the vulnerability isn’t that widespread yet.
Android has a lot of steps to take before it can handle the security issues that it has on hand right now. Keeping in mind that while they walk ahead, they will also have to face existing issues that they don’t even know exist. This leaves users will a simple question: are all those fancy features worth the security risk they bring with them? For most people, the answer has been a ‘yes’ so far.