Android security holes worry FBI, DHS
I want to share this news. Everyone knows about the security vulnerabilities of Android but here is something that BB can take advantage of and go after the government agencies and tell them: "Hey you know the risks, if you don't please read here and by the way I am not saying it is your own government".
Android security holes worry FBI, DHS
August 26, 2013 | Zack Whittaker
Federal government security experts are increasingly uneasy about the threats to law enforcement from using older versions of the mobile OS.
The FBI and the Department of Homeland Security are increasingly aware of the threats that law enforcement officers and officials face at a federal, state, and local level by using older versions of the Android mobile operating system, according to a document obtained by Public Intelligence, a group focused on releasing government information to the masses.
According to the document (PDF) -- marked as unclassified but "for official use only," and designed for police, fire, emergency medical services, and security personnel -- upwards of 44 percent of Android users worldwide are still using Android versions 2.3.3 to 2.3.7, which still contain security vulnerabilities fixed in later versions.
The document, which is a month old but was posted by Public Intelligence late last week, does not state how many US government agencies are using Android, let alone older versions of Android, on their networks.
Android continues to be a "primary target for malware attacks due to its market share and open source architecture," the document states, and an uptick in mobile device use by government staffers "makes it more important than ever to keep mobile [operating systems] patched and up-to-date."
Some highlights from the report:
79 percent of mobile malware threats affect Android, while 19 percent target Symbian. Windows Mobile, BlackBerry, iOS, and others all peg in at less than 1 percent each. (The source of the figures is not known.)
SMS text messages represent "nearly half" of the malicious applications circulating today on older Android operating systems. Users can mitigate by installing Android security suites on their devices.
Rootkits also pose a massive threat. The DHS/FBI document notes that in late 2011, popular rootkit Carrier IQ was installed on millions of devices, including Apple iPhones (though Apple later removed the software) and dozens of different types of Android devices. These rootkits often go undetected and can log usernames, passwords, and traffic without the user's knowledge -- a serious security risk in a government setting.
Fake Google Play domains are sites created by cybercriminals, the document notes, which replicate the Android application store to trick users into installing fake or malicious apps. DHS/FBI note that only IT-approved updates should be allowed, hinting that IT departments should ensure secure IT policies from back-end mobile device management services.
This story originally posted as "Millions of Android users vulnerable to security threats, say feds" on ZDNet.
- 08-29-13, 04:43 AM #3
More reading material.
Without end-users and corporations playing safely the Internet ecosystem stands to become very muddied indeed. How many free Android App users realise that the presenters of in-app advertising (essentially links to websites) inherit by default - the same permissions as the app in which they are contained?
It's been said before. "If it's free, then YOU are the Product"
Z10 via CB 10
- 08-29-13, 08:12 AM #4
Just to be fair to them, I don't think devices that are 4.0 and above are THAT vulnerable. If memory serves me right, the ones pre-ICS are very vulnerable to malware, but 4.0 and onwards are more resilient, no?
- 08-29-13, 08:22 AM #6
The FBI and DHS wouldn't be using the Android that everyone else uses. There is a special version for these purposes. Now if the police are using consumer Android then yep, but they should also be limited in what they can put on it.
- 08-29-13, 09:12 AM #9
On your two questions -
1) First question - The definition of "better" is dependent upon the needs of an agency. Example - for an agency that needs security above everything else and needs little in terms of third party applications, or custom applications, BlackBerry on BES is the best possible solution. That said:
a) There are instances where "good enough" security is secondary to the need for custom apps. Example - the ability to develop a tracking app for managing the upkeep/maintenance of items at the Smithsonian museum.
b) There may be instances where a secure agency may need the best security that can be achieved along with custom apps. Example - DoD, where field apps are developed and used on Samsung and iOS devices. And no, I am not speaking of Top Secret level security. BlackBerry *is not* approved at the Top Secret level.
2) Second question - Related to my first response, all devices are locked down dependent upon the need of the agency. At the most stringent level of BES, you cannot even use the browser, let alone load an app from BlackBerry World. There are configurations that fall below that extreme, such as my agency, where I cannot use BlackBerry World and where BBM had been blocked up until two years ago and where camera-less devices were needed. I have not seen WP devices deployed but any iPhone or Android would similarly be locked down depending on the need and requirement of the agency.
My personal preference in the workplace is BlackBerry on BES and I've done all I can to keep BlackBerry here. But the climate *is* changing. Samsung/Knox is receiving *a lot* of attention. I just fought down a Google Nexus suggestion. Because for my agency, BlackBerry on BES is the best possible solution. For my personal devices, I use all four platforms - BBOS, BB10, iOS and Android.
- 08-29-13, 09:32 AM #10
Interesting. I've heard of stories that Mr. President Obama is the only president not to use the special handphone made for them, I presume that's the ONLY device that has the *TOP SECRET* clearance. Thanks for the info.
Here's a follow-up question though. Is Samsung Knox really that good compared to BES? (let's put aside the crappy Samsung lame tongue-in-cheek YouTube video of "if i can't use BBM, there's always facebook messenger" fiasco of a mess)
- 08-29-13, 08:59 PM #17
Still, if there's a market for BES, that means there's still room for BlackBerry to capitalize on to take advantage in their solutions. It's just that, I am led to believe, that a lot of people don't want to include BlackBerry devices into that equation of MDM end-to-end solution.
- 09-04-13, 03:45 PM #22
Android 4.2 and soon to be 4.3 is safe only to a certain degree. Because of it being an open source OS it can easily be hacked with the right knowledge. But even with rooting (hacking) the device you begin to notice a lot of security holes within the device(s).
If you ever go to xda-developers or any other Android site you will eventually see posts on security holes that are constantly being patched by the community and eventually Google or other OEMs, sometimes even using the patches created by the dev community.
Now I'm not saying Android is completely vulnerable, but sometimes to even secure your Android device even more you have to root it and install security apps to protect yourself from others accessing your device through root and stealing all your information.
Posted via CB10