And it’s one that is largely out of the poor phone owners’ hands – all they can do is try to make their voices heard and hope that someone at the mobile carrier/smartphone manufacturer is listening. There are so many devices running so many different flavours of Android, ensuring that all of them are kept up-to-date with security patches becomes a very serious problem.
Sophos cleanup tool install#
So, if your smartphone is still running the “Eclair” version of Android, for instance, you might be at greater risk than a friend who has a smartphone running the “Gingerbread” flavour.Īs a security-conscious Android phone owner you might find yourself having to make a choice as to whether you want to wait for your mobile carrier to send you this critical security patch over the airwaves, or install a custom ROM on your device. In other words, if you’re running an older version of Android on your smartphone, you may still be vulnerable to an attack like that conducted in the information-stealing Droid Dream attack.
However, although the bug is fixed in Android 2.2.2 and later, it’s up to individual carriers and smartphone vendors to make sure that the patch is rolled-out to users running older versions of Android. The malware attack took advantage of known vulnerabilities which only affect versions of the Android operating system before 2.2.2. You see, Google’s tool undoes the damage caused by the malware – but it doesn’t fix the underlying vulnerabilities that allowed the malware to cause a nuisance in the first place. If, for any reason, you want to determine for yourself if your own Android smartphone was affected by the “Droid Dream attack” you should visit Settings / Applications / Running services and look for “DownloadManageService” in the list of running services. This is, in effect, Google’s “remote kill switch” – capable of forcibly removing offending apps from users’ phones.Īffected users will see a notification on their smartphone that a tool called “Android Market Security Tool March 2011” has been installed. This weekend, Google announced that it was pushing a clean-up tool to all of the Android smartphones it believed had been affected by the attack. In addition, Google has revoked permissions from the developer accounts which published the malware, and claims to have contacted law enforcement agencies about the malicious activity. The good news is that Google used has removed the offending apps which formed the so-called “Droid Dream” attack from the Android Market, so no-one else can be tricked into downloading them from an official source at least. Last week there were many headlines in the security press after it was discovered that malicious apps had been found on the official Android Market.
0 kommentar(er)
