There's a lot of discussion about which smartphone is the coolest and has the most features. What is less often discussed is which devices are more vulnerable to hackers and other cyber attacks.
Researchers at North Carolina State University have been examining smartphone security and say some smartphones specifically designed to support the Android mobile platform have incorporated additional features that can be used by hackers to bypass Android’s security features, making them more vulnerable to attack.
That's of concern, they say, because Android has the largest share of the smartphone market in the U.S.
“Some of these pre-loaded applications, or features, are designed to make the smartphones more user-friendly, such as features that notify you of missed calls or text messages,” said Dr. Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper describing the research. “The problem is that these pre-loaded apps are built on top of the existing Android architecture in such a way as to create potential ‘backdoors’ that can be used to give third-parties direct access to personal information or other phone features.”
Tricking the apps
How does it work? Jiang and colleagues say hackers can trick the pre-loaded apps. They can exploit these backdoors to record your phone calls, send text messages to premium numbers that will charge your account or even completely wipe out all of your settings.
To test their theory the researchers tested eight different smartphone models, including two “reference implementations” that were loaded only with Google’s baseline Android software.
“Google’s reference implementations and the Motorola Droid were basically clean,” Jiang said. “No real problems there.”
However, five other models did not fare as well. HTC’s Legend, EVO 4G and Wildfire S, Motorola’s Droid X and Samsung’s Epic 4G all had significant vulnerabilities – with the EVO 4G displaying the most vulnerabilities.
The researchers said they notified manufacturers of the vulnerabilities as soon as they were discovered, earlier this year.
“If you have one of these phones, your best bet to protect yourself moving forward is to make sure you accept security updates from your vendor,” Jiang said. “And avoid installing any apps that you don’t trust completely.”