Bilcyber Portal » Google Unleashes Kill Switch for Android Malware
Share |
Your are here: Home // Uncategorized // Google Unleashes Kill Switch for Android Malware

Google Unleashes Kill Switch for Android Malware

Remember those 21 malware-infested applications Google removed from its Android Market last week? Google now says there were actually 58 malicious apps downloaded to 260,000 Android smartphones, and late Saturday night, Google remotely turned on its kill switch, which is able to remove those errant applications from the phones.

The kill switch is actually software that’s downloaded onto an Android smartphone and installed automatically, removing the apps in question with no user action required. In its Google Mobile Blog, the company announced:

“We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”

Google’s had this kill switch in place since 2008, and it used the remote application removal capability for the first time in June, 2010.

Google downplayed the harm caused by these malware apps, assuring users that none of their personal data has been compromised:

“For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data.”

The kill switch is not going to completely fix this problem. TechCrunch points out that Android devices are still vulnerable because of existing security holes at the system level, which must be fixed by cellular carriers and hardware manufacturers. The problem is made worse by cellular providers sticking with older versions of Android, unfortunate because the security exploit only affects Android versions 2.2.1 and older. The good news is, if an Android phone is running the latest software, that security hole has already been patched.

So commenters, is your confidence in Android shaken by this incident?

filed under: Uncategorized

Leave a reply

You must be Logged in to post comment.

Copyright © 2009 Bilcyber Portal . All rights reserved.
Designed by Theme Junkie . Powered by WordPress.