subject: Google using remote kill switch to swat Android malware apps
Google removed several malicious programs from the Android Market last week. The programs exploited a vulnerability in the platform that allows attackers to gain root access and apparently create a backdoor for deploying more malware. In a statement posted on the official Google Mobile website this weekend by Android security lead Rich Cannings, the company has clarified the situation and described the measures it is taking to address it.
In addition to preventing further infection by removing the malicious applications from the Android Market, Google is also using its remote kill switch to forcibly uninstall the software from infected handsets. The company is additionally pushing out an update to the Android Market that will reverse the exploit, preventing the attackers from using it to cause more damage. Google has already started sending e-mails to affected users to explain the situation.
Although Google can deploy software to undo the damage caused by the malware, the underlying vulnerability that the attackers exploited cannot be closed so easily. Google says that the bug is fixed in Android 2.2.2 and later, but a considerable number of users are still at risk because their handsets run an earlier version of the operating system. Google is making a patch available, but it will be up to the carriers and handset makers to ensure that the patch gets deployed. In light of the mobile industry's very poor track record of updating Android phones, it is possible that this flaw will continue to be exploitable on a considerable number of handsets.
According to Cannings, the attackers only extracted a unique identifier for each device and did not go any further, but they could still potentially use the deployed malware for more insidious purposes.
"We feel that the only information the attacker(s) were able to collect was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other information, which is why we have taken quite a few actions to safeguard those who downloaded a malicious application," Cannings wrote.
Google also intends to adopt some measures that will block malicious applications with similar behavior from being distributed through the Android Market. Cannings didn't offer any specific details, however, about how that will be achieved.
Google's response is acceptable, but it is troubling that so many users must depend on the mobile carriers to get vital security updates. The issue reflects a severe weakness in Android's decentralized update model.