We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

Researchers use Woodpecker to single out vulnerable Android phones

North Carolina State University researchers say some Android smartphone makers' efforts to go above and beyond the Google mobile platform's basics open their devices to security breaches.

"Some of these pre-loaded applications, or features, are designed to make the smartphones more user-friendly, such as features that notify you of missed calls or text messages," says Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper describing the research. "The problem is that these pre-loaded apps are built on top of the existing Android architecture in such a way as to create potential 'backdoors' that can be used to give third-parties direct access to personal information or other phone features."

SLIDESHOW: Best free Android apps of 2011 

Hackers could trick the apps into recording your phone calls or wiping out your settings, says Jiang, whose team used a tool dubbed "Woodpecker" to detect vulnerabilities.

Such smartphone flaws are welcome news to hackers, who see Android phones as an increasingly juicy target: Gartner says more than half of the smartphones sold worldwide in the third quarter run Android, and that's double the number from the third quarter last year.

Vendors such as McAfee and Juniper Networks have recently released study results showing a boom in malware targeting Android devices, though Google has countered that some vendors may just be trying to roil up the market to sell more of their security wares

NC State researchers have had their eyes on Android security for some time. Network World spoke with Xuxian Jiang in April about an effort to defend Android users from privacy thieves. The NC State team's privacy mode software - dubbed Taming Information-Stealing Smartphone Applications (TISSA) -- would give Android users more control over what information they divulge to makers of third-party apps, both at the time of downloading the app and while it's running.

Based on NC State's latest research, on eight different smartphone models, Motorola Droid and plain Google reference implementations fared best. However, HTC's Legend, EVO 4G and Wildfire S, Motorola's Droid X and Samsung's Epic 4G all showed significant vulnerabilities. NC State researchers say they notified manufacturers about the holes earlier this year.

The research, supported by the National Science Foundation and U.S. Army Research Office, will be presented Feb. 7 at the 19th Network and Distributed System Security Symposium in San Diego.

Follow our Alpha Doggs blog for more on network research and follow our Alpha Doggs page on Google+ 

Read more about anti-malware in Network World's Anti-malware section.


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...