The Android security is becoming a serious concern as the Android Malware was reported to by double in 2015 as compared to 2014. Trend Micro Incorporated released its annual security roundup report which dissects the most significant security incidents from 2015. One of the top activities noted included the rise in Android Malware and impact also included the aggressive adoption of smart technologies.
Android’s MediaServer component took a lot of hits in 2015. Vulnerabilities found in the component can be exploited to perform attacks using arbitrary code execution. Such attacks could force a device’s system to go on endless reboot, draining its battery. It can also be used to render Android devices silent and unable to make calls due to unresponsive screens. Vulnerability in Android’s manifest file may also cause devices to experience constant rebooting, making the device totally useless.
Some other Android vulnerability include the Android debugger Debuggered vulnerability we discovered in June. It can be utilized to expose a device’s memory content. The Android Installer Hijacking vulnerability, meanwhile, gives hackers the ability to replace legitimate apps with malicious versions in order to steal information from the user.
The Samsung SwiftKey Keyboard vulnerability (CVE-2015-4640 and CVE-2015-464124) had a pre-loaded malicious code masquerading as additional language packs that put over 600 million Samsung Galaxy series phones at risk. We also uncovered the Apache Cordova25 mobile API framework flaw, which remotely exploits applications with a mere click of a URL.
Although the state of Apple security is relatively better than of Android’s, Apple’s trusted walled garden also took some hits in 2015. The emergence of vulnerabilities like iOS Quicksand and AirDrop proved that iOS users could potentially be hit with exploits. The malicious code XcodeGhost26, while technically not a vulnerability, was also able to affect several users in China and the US.
One of the challenges we noted in our 2016 security predictions is the likelihood of more hacks on smart technologies that could result to serious and even fatal damages. These incidents serve as proofs of concept, solidifying what we previously thought was only possible in fiction. The need for security and testing of IoT devices is much stronger now, and manufacturers are expected to step up to the plate to protect their customers’ privacy and physical safety.
