Android security breach
Prevent getting hijacked
We place so much importance in our smartphones – that shiny little device that we merrily use to shop, chat, watch, listen, browse and play every day – but is it safe? How readily could someone actually hack into this and pilfer the details you store within it?
Hacking is sometimes viewed from afar as something incredibly complex that only happens to people with plenty to lose. ‘Why would they come for me, I’m not worth stealing from?’ you might ask. Don’t be lulled into a false sense of security.
Yet here’s the thing: it’s an awful lot easier to hack your details than you may fear. It’s thought that 110 million people in the US – a staggering half of the adult population – were hacked in the 12 months to May 2014.
There’s no Mission Impossible-esque hi jinks required to break into your phone or the software within it. Secondly, even the smallest scale consumer can get fooled by the fact it is an app, platform or piece of software that is the target and that IS a target worth taking down.
Take Android, for example. The Google-owned operating system recently came under the spotlight for ‘certifi-gate’ (it’s not an official thing until suffixed by ‘gate’ is it?). This was an issue revealed to affect the sort of apps that come pre-loaded onto Android devices by manufacturers such as Samsung and HTC and cannot be removed.
Through remote access to these apps the device – and therefore your details – could be tracked and used. It meant that potentially hundreds of millions of users were compromised.
Patches and fixes were quickly rolled out to close this potentially dangerous loophole and Google thanked researchers for their efforts to uncover the issue.
Yet these sorts of issues do occur from time to time. Take this other case affecting Android this year. As Forbes, not known for hyperbole and scaremongering, put it ‘it only takes one text to hack 950 million Android phones’. Ouch.
In that case expert Joshua Drake, of Zimperium zLabs, pointed out ‘remote code execution’ bugs buried in multimedia messages using Stagefright that, once opened, write code onto the device and then set about infiltrating the apps and getting its claws on valuable data.
Google, again, to its credit thanked the expert and dutifully issued the requisite support and fixes needed to close this up swiftly.
But, what happens if the people who uncover these weaknesses are out to make mischief? Hackers are not put off by a patch; they simply turn their fire onto the next possible victim.
If you’re an Android user that taps into a TalkTalk home network, for example, you’re probably feeling quite hard done by now after the service provider was hit by a ‘significant and sustained’ cyber-attack.
The TalkTalk breach appears to have been more sophisticated in its nature and millions of customers now face the worry that their data – maybe even their credit card and bank details – are at large.
As BBC Technology correspondent Rory Cellan-Jones explained: “We are being told that this was what's called a DDoS - a distributed denial of service attack - where a website is hit by waves of traffic so intense that it cannot cope.
“What is not clear is why this would result in the loss of data rather than just the site going down. One suggestion is that the DDoS was a means of distracting TalkTalk's defence team while the criminals went about their work.
I'm assured that TalkTalk customers' details, including banking information, were all being held in the UK rather than in some overseas data centre. What is less clear is the extent to which that data was encrypted.”
Now matter how reputable and large the company you are dealing with – Android and TalkTalk are hardly small fry – it’s clear that you need to build your own added line of defence against hackers.
Without security software, and we’re talking proper McAfee Internet Security here, not ten-a-penny cheap and not-so-cheerful rubbish, you are surfing in sharky waters. It’s the equivalent of leaving the house unlocked or leaving your smartphone on show as you park your car.