Washington: Some Smartphones models that have been specifically designed to support Google’s Android mobile platform have incorporated additional features that can be used by hackers to bypass the operating system’s security features, making them more vulnerable to attack, a study has revealed.
According to a new research from North Carolina State University, some of these pre-loaded applications, or features, are designed to make the smartphones more user friendly, such as features that notify you of missed calls or text messages.
Dr. Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper describing the research, said the problem is that these pre-loaded apps are built on top of the existing Android architecture in such a way as to create potential ‘backdoors’ that can be used to give third-parties direct access to personal information or other phone features.
Hackers can easily trick these pre-loaded apps. For example, these “backdoors” can be used to record users’ phone calls, send text messages to premium numbers that will charge a users’ account or even completely wipe out all settings.
The researchers have tested eight different smartphone models, including two “reference implementations” that were loaded only with Android software.
“Google’s reference implementations and the Motorola Droid were basically clean.No real problems there,” Jiang said.
But five other models did not fare as well. HTC’s Legend, EVO 4G and Wildfire S, Motorola’s Droid X and Samsung’s Epic 4G all had significant vulnerabilities, with the EVO 4G displaying the most vulnerabilities, the researchers concluded.
Meanwhile, Jiang said that the best bet to protect yourself moving forward, if you have one of these phones, is to make sure you accept security updates from your vendor, and avoid installing any apps that you don’t trust completely.
First Published: Thursday, December 1, 2011, 14:02