Yesterday, Bluebox Security’s research team announced that there is a weakness in every single Android phone since Android 1.6. To put this in perspective, Android 1.6 was launched back in September 2009. This means that this problem has been present in most Android based phones that are currently in use. The official estimate is that it would extend to about 900 million devices, which is 99% of the android phones that are used today.
Naturally Bluebox has shared the problem with Google in February 2013. This means that Google is now able to fix it. However, most of the 900 million handsets will not be protected any time soon. The biggest problem with the Android system is that it used by many manufacturers. That enables you to have a great choice of phones when you walk up to the store. However, all these brands have added their own special sauce to their phones and put an HTC, Samsung, Motorola, LG, Sony or other front on the phone that has been programmed in the base version of Android. In itself that is not a problem and it helps a user enjoy their phone that much more. But it often stops manufacturers from updating the firmware on the phone as they do not want to lose their custom development. Which is understandable, but it puts their customers at risk as there will be no more security updates.
So, is this the time to run away screaming? Not really. Yes, there is a vulnerability and yes, Bluebox is going to share it with the world at the end of this month. However, the biggest risk is when you install apps from sources that are not trusted. Granted, with Android there is a bigger risk that that game that looked so appealing is in fact a malicious trojan virus, but if you stick to the larger publishers, there is a pretty good chance you will be safe. Safest is obviously to keep your Android phone as updated as you can.
What can go wrong with your phone? Now this is the troubling part. If set up correctly, a malicious app can take over your complete phone. It can not only access all your contacts, messages, emails, documents and more, but it can also dive straight into your phone’s firmware. This means it can make calls, send messages, switch the camera on and off or even use your phone as part of a worldwide network.
In essence, it is much better to try and stay as far away from this as you can.
Though we at Techpastors cannot tell you how to completely protect yourself, we thought that this was important enough for you to know. And how real is this? Well, the image on this article shows the device information for a phone. This phone has been infected by the Bluebox team and it has changed the Baseband version to a new name which includes Bluebox. This value can not be changed by anything or anyone but the firmware, which shows that is is a serious matter.