The new ways for hackers to attack phones running Google Inc‘s Android operating system has found by a mobile security expert.
Riley Hassell called off an appearance at a hacker’s conference last week, told Reuters he and colleague Shane Macaulay decided not to lay out their research at the gathering for fear criminals would use it attack Android phones.He said in an interview that he identified more than a dozen widely used Android applications that make the phones vulnerable to attack.
“Some apps expose themselves to outside contact. If these apps are vulnerable, then an attacker can remotely compromise that app and potentially the phone using something as simple as a text message.”
He declined to identify those apps, saying he fears hackers might exploit the vulnerabilities.
Google spokesman Jay Nancarrow said Android security experts discussed the research with Hassell and did not believe he had uncovered problems with Android.
It was the first public explanation for the failure of Hassell and Macaulay to make a scheduled presentation at the annual Black Hat hacking conference in Las Vegas, the hacking community’s largest annual gathering.
A mobile security researcher familiar with the work of Hassell and Macaulay said he understood why the pair decided not to disclose their findings.
“When something can be used for exploitation and there is no way to fix it, it is very dangerous to go out publicly with that information,” the researcher said. “When there is not a lot that people can do to protect themselves, disclosure is sometimes not the best policy.”
Hassell said he plans to give his talk at the Hack in The Box security conference in Kuala Lumpur in October.
