The warnings have come from Riley Hassell, founder of Privateer Labs, and who along with Shane Macaulay, opted to cancel a scheduled appearance at the Black Hat conference last week. Their scheduled talk, "Hacking Androids for Profit," didn't go ahead, disappointing many who had waited for it.
Hassell explained that the decision was made not to publicly identify more than a dozen widely used Android applications with serious security problems. "App developers frequently fail to follow security guidelines and write applications properly," he said.
"Some apps expose themselves to outside contact. If these apps are vulnerable, then an attacker can remotely compromise that app and potentially the phone using something as simple as a text message."
He said that they alerted Google to the problems they had found with widely used applications. A Google spokesman said that Android security experts had discussed the issues with Hassell and found that the problems were not present in Android itself.
Nevertheless, Hassell said that they feared that hackers might exploit the vulnerabilities they were due to expose at the Black Hat conference.
"When something can be used for exploitation and there is no way to fix it, it is very dangerous to go out publicly with that information," the researcher said. "When there is not a lot that people can do to protect themselves, disclosure is sometimes not the best policy."
Written by: James Delahunty @ 14 Aug 2011 15:25