Researchers find new vulnerabilities in Android OS

23 Sep 2011

Researchers have found two new vulnerabilities in Google's Android operating system (OS), with one of them letting hackers gain full access to users' smartphones.

The researchers, Jon Oberheide and Zach Lanier said the first flaw that affected all Android devices regardless of the OS version, allowed the installation of applications without users' approval. This could be regarded as "permission escalation vulnerability," and affected all Android handsets regardless of the OS version. 

Attackers could use the security hole to install ''arbitrary applications with arbitrary permission'' according to reports. This meant, once implemented, hackers could install anything they wanted to, accessing users' data such as call records, texts, web browsing history and media. 

The second flaw affected only Samsung Nexus S handsets and it allowed hackers to gain root access and then gain full control over the handset. 

There have also been reports over the past few months of Android phone users being hit with malware that sent text messages, made calls to premium numbers and leaked personal information about the user. 

In August, researcher Dinesh Venkatesan revealed information about an Android trojan that could record conversation. Venkatesan said the trojan started recording conversation after a user clicked on the install button on a message that appeared almost identical to the application's installation screen.