HACKING
Difficult-to-remove Android multitasking bug could leave smartphones open to hijacking
PUBLISHED : Thursday, 27 August, 2015, 7:00am
UPDATED : Thursday, 27 August, 2015, 8:40am
Related topics
A security hole discovered by researchers in Google's Android operating system could leave smartphones vulnerable to hijacking.
In a series of videos posted on YouTube, researchers from the Cyber Security Lab of Pennsylvania State University demonstrated how the vulnerability could be exploited by a malicious app to take control of someone's phone.
After downloading and running a malicious app on a user's phone, the researchers had complete remote control of the device and access to sensitive data. Unlike previous security breaches detected in Android however, the problem stems from a fundamental feature, without which the whole system would not function.
READ MORE: One in every 10 Android apps 'contains malicious code' – US-China study
That could make fixing the hole incredibly difficult.
At a paper presented at the USENIX security conference earlier this month, the Penn State researchers said that Android's multitasking function – which allows users to run several apps at once and switch between them – makes "all recent versions of Android vulnerable to task hijacking attacks".
In an examination of more than 6.8 million apps on various Android stores, the researchers found the risk to be "prevalent".
“Attackers may steal login credentials, implement ransomware and spy on users' activities,” the paper said.
Ren Chuangang, one of the authors of the study, told the South China Morning Post that he and his fellow researchers had alerted Google to the problem, but the firm said it had "no immediate plan to fix this issue".
"The vulnerability stems from the unique design of Android multitasking," he said.
"Fixing the issue requires balancing security with the usefulness of the feature."
That meant any effort to reduce the security risk would negatively affect user experience, and unless the multitasking feature was removed from Android, or completely reprogrammed, the threat would persist.
“Our intention is to make users aware of the security risks,” Ren said.
“For normal users, the best option is to install software from legitimate official sources, and be cautious of the security risks when using an app from untrusted sources.”
Google did not respond to a request to comment from the Post. Speaking to UK tech site The Register however, a spokeswoman said the researchers had overstated the threat.
"Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features," she said.
However, while that may be true for users in the west, Google's official Play store is blocked in China, and users there are far more used to downloading apps from unverified and potentially malicious sources.
Android has come under fire in the past for poor security. A joint study by Chinese and US researchers earlier this year found that one in every ten Android apps contained malicious code.
Most Popular
Viewed
- 1
![In the second report in a series, He Huifeng and Celia Chen look at how Beijing's ambitious industrial plan aims to break China’s reliance on foreign technology and pull its hi-tech industries up to Western levels]( "In the second report in a series, He Huifeng and Celia Chen look at how Beijing's ambitious industrial plan aims to break China’s reliance on foreign technology and pull its hi-tech industries up to Western levels")
- 2
![Alibaba Group Holding executive chairman Jack Ma Yun had promised to create 1 million jobs in the US during a meeting with US President Donald Trump in January last year. Photo: Reuters]( "Alibaba Group Holding executive chairman Jack Ma Yun had promised to create 1 million jobs in the US during a meeting with US President Donald Trump in January last year. Photo: Reuters")
- 3
![Parallel traders collect iPhones from customers outside the Apple store in Causeway Bay. Photo: Edward Wong]( "Parallel traders collect iPhones from customers outside the Apple store in Causeway Bay. Photo: Edward Wong")
- 4
![A screenshot from independently produced documentary Bitcoin Girl, available on streaming video service iQiyi, shows the titular cryptocurrency user, who is known by her online name He Youbing. Photo: iQiyi]( "A screenshot from independently produced documentary Bitcoin Girl, available on streaming video service iQiyi, shows the titular cryptocurrency user, who is known by her online name He Youbing. Photo: iQiyi")
- 5
![The Luohu district of Shenzhen, third in a new list of Asian tech hotspots compiled by Colliers. Photo: SCMP]( "The Luohu district of Shenzhen, third in a new list of Asian tech hotspots compiled by Colliers. Photo: SCMP")
Shared
- 1
![Alibaba Group Holding executive chairman Jack Ma Yun had promised to create 1 million jobs in the US during a meeting with US President Donald Trump in January last year. Photo: Reuters]( "Alibaba Group Holding executive chairman Jack Ma Yun had promised to create 1 million jobs in the US during a meeting with US President Donald Trump in January last year. Photo: Reuters")
- 2
![In the second report in a series, He Huifeng and Celia Chen look at how Beijing's ambitious industrial plan aims to break China’s reliance on foreign technology and pull its hi-tech industries up to Western levels]( "In the second report in a series, He Huifeng and Celia Chen look at how Beijing's ambitious industrial plan aims to break China’s reliance on foreign technology and pull its hi-tech industries up to Western levels")
- 3
![Parallel traders collect iPhones from customers outside the Apple store in Causeway Bay. Photo: Edward Wong]( "Parallel traders collect iPhones from customers outside the Apple store in Causeway Bay. Photo: Edward Wong")
- 4
![A screenshot from independently produced documentary Bitcoin Girl, available on streaming video service iQiyi, shows the titular cryptocurrency user, who is known by her online name He Youbing. Photo: iQiyi]( "A screenshot from independently produced documentary Bitcoin Girl, available on streaming video service iQiyi, shows the titular cryptocurrency user, who is known by her online name He Youbing. Photo: iQiyi")
- 5
![Meituan’s shares will begin trading on Thursday in Hong Kong after the company raised HK$33.14 billion. Photo: Bloomberg]( "Meituan’s shares will begin trading on Thursday in Hong Kong after the company raised HK$33.14 billion. Photo: Bloomberg")
Commented
- 1
![Illustration: Craig Stephens]( "Illustration: Craig Stephens")
- 2
![The Vietnam war, fought over nearly two decades from 1955 to 1975, took four US presidents to untangle. Let’s hope this unwinnable trade war will not take as long]( "The Vietnam war, fought over nearly two decades from 1955 to 1975, took four US presidents to untangle. Let’s hope this unwinnable trade war will not take as long")
- 3
![Traditional Chinese parents – especially mothers – can push children to breaking point with their over-dominance and quest for perfection. That is not a healthy attitude, says a Hong Kong concern group]( "Traditional Chinese parents – especially mothers – can push children to breaking point with their over-dominance and quest for perfection. That is not a healthy attitude, says a Hong Kong concern group")
- 4
![Financial markets must wake up to the damage and havoc wreaked by this US-China trade war]()
- 5
![US President Donald Trump speaks during a campaign rally in Las Vegas on September 20. Photo: Getty Images]( "US President Donald Trump speaks during a campaign rally in Las Vegas on September 20. Photo: Getty Images")
You may also like
Never-fading memories are made of ... digitalised photo albums
In partnership with: HKT PREMIER
Award-winning scientists to host forum
Sponsored by: LCSD - Science Museum
Comments: