13 October, 2009

Android OS & security

Ok, so I've been ranting on and on about Apple's and Microsoft's bad patching habits the last 6 months. There's a reason for my constant nagging, and that is: someone has to make everybody using these devices aware of the vulnerabilities and security-holes, and the procedures that are in place to fix these issues.

The average user does not even recognize, much less read about or research, such things.

Then it is really up to the geeks and nerds (like myself) to try to convey a simplified explanation of these kinds of things. And the Android platform is no exception.

Google's Android OS has seen even MORE security-holes and vulnerabilities than both Apple and Microsoft since its initial release, BUT the Google-team developing and testing Android has direct communications with oCERT (the Open Source Computer Emergency Response Team) and so receives regular updates on critical vulnerabilities in Android, which are then rushed for patching.

Just recently, oCERT discovered two rather critical issues: one regarding custom-crafted SMS messages that result in a mobile-network disconnect, and another where malformed applications can generate a DoS-condition, actually rebooting the device Android is running on.

However critical these security-holes were, they have been patched since the first v1.5 service release.

Not only is the response team rapidly patching the platform, but it is even pushing out the updates only to devices that are affected by existing exploits. Proof-of-concept attacks are even patched before they're exploited in RL.

