A Blog by Jonathan Low

 

Nov 26, 2015

Google Can Remotely Bypass the Passcodes of 74% of All Android Devices

Just a thought as you surreptitiously sneak away from the family to check messages. JL

Ellie Zolfagharifhard reports in the Daily Mail:

Older versions of Android can be remotely reset by Google if the company is issued with a court order, but only if they're locked using a pattern. 
This is according to a document prepared by the New York District Attorney's Office which revealed just how easily investigators could see the contents of a device.
Devices running Android 5.0 and newer cannot be remotely reset as they use full disk encryption.

However, this option is not switched on by default.
The report found any device using an older version of the operating system is vulnerable to remote reset and according to the Android Developer Dashboard, this is 74.1 per cent of Android devices currently being used.
However, this figure is slightly misleading. 
The remote reset feature does apply to phones running operating systems before Android L, but it only applies to people who have secured their device with a pattern.
Google can't remotely reset phones secured with a PIN or passcode, meaning the number of affected devices could be lower.  
A post from Google's Adrian Ludwig attempted to clarify the situation.
He said: 'Google has no ability to facilitate unlocking any device that has been protected with a PIN, Password, or fingerprint. 
'This is the case whether or not the device is encrypted, and for all versions of Android.
'Google also does not have any mechanism to facilitate access to devices that have been encrypted (whether encrypted by the user, as has been available since Android 3.0 for all Android devices, or encrypted by default, as has been available since Android 5.0 on select devices).

In September, a security flaw in the latest version of Android was found to be leaving millions of handsets at potential risk of criminals. Users were able to replicate the bug by opening the camera app, pulling down Notifications (left) and entering a long string of random characters into the password field that appears (right)
'There are some devices that have been configured to use a "pattern" to unlock. Until Android L, "pattern" unlock did provide a recovery option with the Google account.
'This recovery feature was discontinued with Android L.
'Also, the lost pattern recovery feature never applied to PIN or Password so if you are on an earlier model device and don't want to use the pattern recovery feature, you can switch to a PIN or Password and it will be disabled.' 

THE ANDROID MALWARE THAT IS IMPOSSIBLE TO REMOVE

A new type of Android malware has been uncovered in more than 20,000 apps - and it's impossible to remove.
The malware masquerades as popular apps, such as Facebook, Twitter and Snapchat, and installs something known as 'trojanised adware' onto phones.
Lookout Security, the mobile security firm who discovered the malware, says users can only get rid of it by replacing their devices entirely.
The malware works by repackaging legitimate apps from the Google Play store with adware, and then releasing them to a third-party store.
The problem is that the repackaged apps remain fully functional, and so the malware is difficult to detect.
The app will then serve ads, which generates money for the hacker.
Although their main function is to display ads, their system-level status also lets them gain access to key security details built into Android.
This can let a hacker gain access to sensitive data about the user.
However, the report insists that forensic examiners are able to bypass passcodes on devices using a 'variety of forensic techniques.' 
The report compares this against iOS by Apple. The company can't remotely bypass the passcode of any device running iOS 8 or higher, and provides full disk encryption by default.
To enable full disk encryption on newer Android devices, go to the 'security' or 'storage' sections of the settings.
According to mobipicker.com, the situation highlights the vulnerable state of the security system in Android OS.
For instance, in September it was revealed that a security flaw in the latest version of Android was leaving millions of handsets at potential risk of criminals.
Researchers found that entering a long string of text into the password field while the camera app is active causes the phone to crash.
This in turn exposes the phone's homescreen and bypasses the need for a correct password.
If exploited, a hacker would then be able to access all the personal files on the phone as well as install malware to control the phone remotely.
The vulnerability was discovered by researchers at the University of Texas at Austin and affects devices running Android Lollipop 5.0 and above. 
'By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilise the lockscreen, causing it to crash to the home screen,' explained John Gordon in a blog post. 
'At this point arbitrary applications can be run or developer access can be enabled to gain full access to the device and expose any data contained therein.'  
According to the blog post's step-by-step instructions, users can replicate the bug by typing a selection of random characters into the password field before selecting and copying them.
The researchers reported the flaw to the Android security team in June, which assigned it a 'low severity' issue. 
Google later elevated it to a moderate severity issue and has since issued a fix for the flaw, under the build number LMY48M, but this fix only applies to its own range of Nexus devices. 
