NCSU: Vulnerabilities in Popular Stock Android Phones
We’ve already seen the recent Bit9 study which unveiled popular Android smartphones being vulnerable to malware exploits and hacking attempts and now it’s time for a North Carolina State University research to raise a couple of questions regarding pre-installed software.
Researchers Michael Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang at NCSU analyzed popular smartphones: HTC Legend, HTC EVO 4G, HTC Wildfire S, Motorola Droid, Motorola Droid X, Samsung Epic 4G, Google Nexus One and Google Nexus S. The research found that while the model implementation of Android on Google’s own handsets had relatively “minor security issues”, other manufacturer’s phones “do not properly enforce
The vulnerability? Untrusted applications are able to “send SMS messages, record conversations, or even wipe all user data from the handset without needing the user’s permission”. While things went smoothly in reporting the issues to Google and Motorola, HTC and Samsung were a tougher nut to crack.
Android is more exposed to vulnerabilities and malware attacks because of several reasons: the “openness” of the platform, multiple OEMs implementing the OS and apps in separate ways and lots of applications available in “several sources”. Make sure you stick to Android Market downloads and only install applications you trust (or which originate from app makers you already know).