Android Upgrades Serve As Entry Points For Malware


A team of researchers have reportedly found that the Google’s Android operating system upgrades are likely to be way for malware to infect your smart device, even through the security measures. The basic exercise that is aimed at minimizing the risk of infection, can bring the same.

According to a Forbes report, the researchers collective comprises people from Indiana University, US and Microsoft. The research synopsis new “backdoor in Android’s malware protections.” They will present a paper at the IEEE Security and Privacy symposium in May, after compiling the entire report.

Such infections arise when a user is led into installing a seemingly safe app, which asks for either few or no permissions to access your phone’s data or use its features. While, if you upgrade to the latest version of the Android OS, the malware app is found to “silently” upgrades itself. These apps can access your smartphone’s information or even control its functions by of reaching out to voicemails, login credentials, text messages, and call logs, which is also bets on the Android version in use.

Xiaofeng Wang, head of Security Systems Lab, Indiana University, said, “The attacker takes advantage of the upgrade process to also elevate their malware’s privileges on the phone. What we’ve found is a very important and pervasive vulnerability in Android, and it exists on every Android device.”

The Security Systems Lab has dubbed the found bugs as “Pileup” (Privileged Escalation Through Updating). They claim to have found six distinct dangers in how the OS induces the updates.

The malware affected a least of 3,500 different Android customised versions installed on handsets that are owned by LG, Samsung, HTC, and Google. The university has contacted Google, while a response is still awaited from the company.

Leave a Reply