Skip to main content

Check Your Android Phone for Security Vulnerabilities

With the rising popularity of Android powered smartphones and devices, Android malware has been increasing at an alarming level. According to security research firm Kaspersky Labs, the volume of new malware targeting Android devices nearly tripled in the second quarter of 2012 and this will only get worse in coming months. While the number of malicious programs targeting Android pales in comparison to the millions or so found on Windows, it is still a sizeable chunk that should worry any Android smartphone user who frequently download apps from the Internet.

Smartphone security firm Duo Security released a new free app dubbed X-Ray For Android that checks the operating system on consumer devices for known, but unpatched, security flaws.

xray-android xray-android2

X-Ray scans your Android device to determine whether there are vulnerabilities that remain unpatched by your carrier or phone manufacturer. Unlike antivirus software, X-Ray isn't designed to compare the signatures of apps installed on a device with a list of suspicious applications. Instead, the app looks for the presence of certain privilege escalation vulnerabilities that are known to present on Android platform and which are exploited by malware to gain full, unrestricted control over an Android device.

These vulnerabilities go unpatched for many months due to conservative carrier patching practices and the malware authors capitalize on this. According to a research conducted last year by Bit9 Samsung took 316 days to patch its Galaxy Mini smartphone after Google released an Android update. Meanwhile, the fastest update - a Droid X patch from Motorola - still required 141 days to be released.

When X-Ray finds a vulnerable smartphone, it notifies the user. Unfortunately, the user with a vulnerable phone has only a limited number of options. The user can check their carrier or the phone manufacturer for an update, and if there is no patch, the only way out is to root the phone and install a third-party ROM such as CyanogenMod that may have patched the vulnerabilities.

The primary cause for worry is that many malicious programs are served from Google Play Store. Unlike the Apple Store, the Google Play Store is more open to developers, but that doesn’t mean that it is lawless wilderness filled with malicious wilderness. Google uses an automated scanning tool codenamed Bouncer to scan for known malware, spyware and trojans in the Play Store. They also run every app uploaded to the Play Store in a virtual environment and looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. Since the introduction of Bouncer, Google reported a 40% decrease in the number of potentially-malicious apps in the Android Market. But Bouncer is not foolproof, as evident from an early July Symantec report that identified two malicious apps in the Play Store that racked up between 50,000 and 100,000 downloads. The biggest source of Android malware is still from third party stores and websites that Google has no control over.

Even if you have an Android antivirus software, and stay away from alternative markets, I highly recommend you to download X-ray for Android and scan your device for vulnerabilities.

via LockerGnome and Verge


Popular posts from this blog

How to Record CPU and Memory Usage Over Time in Windows?

Whenever the computer is lagging or some application is taking too long to respond, we usually fire up task manager and look under the Performance tab or under Processes to check on processor utilization or the amount of free memory available. The task manager is ideal for real-time analysis of CPU and memory utilization. It even displays a short history of CPU utilization in the form of a graph. You get a small time-window, about 30 seconds or so, depending on how large the viewing area is.

Diagram 101: Different Types of Diagrams and When To Use Them

Diagrams are a great way to visualize information and convey meaning. The problem is that there’s too many different types of diagrams, so it can be hard to know which ones you should use in any given situation. To help you out, we’ve created this diagram that lays out the 7 most common types of diagrams and when they’re best used:

How to Schedule Changes to Your Facebook Page Cover Photo

Facebook’s current layout, the so called Timeline, features a prominent, large cover photo that some people are using in a lot of different creative ways. Timeline is also available for Facebook Pages that people can use to promote their website or business or event. Although you can change the cover photo as often as you like, it’s meant to be static – something which you design and leave it for at least a few weeks or months like a redesigned website. However, there are times when you may want to change the cover photo frequently and periodically to match event dates or some special promotion that you are running or plan to run. So, here is how you can do that.